httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <>
Subject Re: BIG: WWW Form Bug Report: "Security vulnerability with errordocument in .htaccess" on Solaris 2.x (fwd)
Date Wed, 08 May 1996 03:35:20 GMT
On Tue, 7 May 1996, Ben Laurie wrote:

> Hmm, yes. And it will almost certainly apply to 1.0.5. I imagine that other
> related attacks may be possible, too. We must view every open() with extreme
> cynicism. Perhaps we need a secure_open() function?

Maybe so, but doesn't apply to 1.0.5 at all. Allowing ErrorDocument in
.htaccess files is a 1.1 feature.

Alexei Kosut <>      The Apache HTTP Server
      "War does not determine who is right, only who is left."

View raw message