httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jennifer Myers <>
Subject Re: util.c hole and speed of security patch release
Date Tue, 23 Apr 1996 05:05:40 GMT
I wrote:

> PATH_INFO nor QUERY_STRING are).  I guess the guy at NASIRC has found
> a CGI script which relies on argv not being escaped...
Oops, typo! Strike the "not".

In any case, I don't believe any of the CGI programs distributed with
Apache or NCSA httpd meet the requisite contrived conditions for an
exploit by way of the newline character being missing in

Jennifer Myers

View raw message