httpd-dev mailing list archives

From d...@ast.cam.ac.uk (David Robinson)
Subject B60 uploaded: leading slash bug
Date Fri, 07 Apr 1995 16:07:00 GMT
I've uploaded B60-leading-slash.txt, which fixes this bug:

Requesting a resource without a leading slash will:
* not work (not a problem as it could only come from an invalid URL)
* cause a possible security breach; if docroot is /htdocs then
  GET -secret/passwd HTTP/1.0

  will cause httpd to access /htdocs-secret/passwd

David.
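
The path translation described in the message above, as an added example (not part of the original post and not code from httpd or the B60 patch). The function names are hypothetical and the sample values are constructed from the message; it shows plain concatenation of docroot and request path beside a version that rejects a path with no leading slash.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names for illustration; not taken from the httpd source. */

/* Naive translation: glue the request path straight onto the document root.
 * Returns 0 on success, -1 if the result does not fit in out. */
static int translate_naive(const char *docroot, const char *uri,
                           char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s%s", docroot, uri);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Checked translation: refuse any request path that does not begin with '/',
 * so it cannot be spliced onto the docroot directory name itself.
 * Handling of ".." segments is a separate check and is not shown here. */
static int translate_checked(const char *docroot, const char *uri,
                             char *out, size_t outlen)
{
    if (uri == NULL || uri[0] != '/')
        return -1;               /* caller treats this as an invalid request */
    return translate_naive(docroot, uri, out, outlen);
}

int main(void)
{
    /* Constructed sample values matching the message above. */
    const char *docroot = "/htdocs";
    const char *reqs[] = { "/index.html", "-secret/passwd" };
    char path[256];

    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        if (translate_naive(docroot, reqs[i], path, sizeof path) == 0)
            printf("naive:   %-16s -> %s\n", reqs[i], path);
        if (translate_checked(docroot, reqs[i], path, sizeof path) == 0)
            printf("checked: %-16s -> %s\n", reqs[i], path);
        else
            printf("checked: %-16s -> rejected\n", reqs[i]);
    }
    return 0;
}
```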
