httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject security hole redux
Date Wed, 27 Nov 1996 18:57:09 GMT

I will veto any release of Apache 1.2 with the security hole I mentioned
earlier this week.  Can someone familiar with content negotiation and mod_dir
please look into this issue?  My guess is that mod_dir is specified as a
handler for */*, and when mod_negotiation declines the request by finding no
acceptable variant, mod_dir kicks in.  But I don't really know that stretch of
code.  I will try to look into it today, but I'm way behind on the
learning curve.



View raw message