httpd-dev mailing list archives

From Andrew Wilson <and...@tees.elsevier.co.uk>
Subject Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux
Date Thu, 02 Nov 1995 16:40:24 GMT
> >X-POP3-Rcpt: awm@luers.qosina.com
> >From: craig@craigster.com
> >To: awm@qosina.com
> >Date: Wed Nov  1 17:28:44 1995
> >Subject: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux
> >
> >Submitter: craig@craigster.com
> >Operating system: Linux, version: 1.2.13
> >Extra Modules used: none
> >URL exhibiting problem: http://www.apache.org//cgi-bin/access_count

Mmm, well this seems to work, i.e. you get binary.  I can't find any other
scripts that do the same thing though.  e.g.:

	http://www.apache.org//cgi-bin/test-cgi

doesn't misbehave in any way.  What's so special about access_count?

> >Symptoms:
> >--
> >If someone puts an extra "/" in a URL that points to 
> >an executable file in a ScriptAliased directory, the 
> >SOURCE of a Perl script (or binary information for 
> >compiled programs) is output as plain text.  
> >
> >The problem occurs in both Netscape and Lynx.
> >
> >Please respond ASAP, as this is a serious security 
> >issue for us and we're looking for a fix.  We have 
> >triple-checked our configuration files, and don't 
> >see any problems on our end.  The bug is even evident 
> >on APACHE.ORG's server.

*yelp*  a showstopper.

Ay.
