httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: Bugs still present in 1.2.4 (fwd)
Date Fri, 19 Sep 1997 00:32:15 GMT
At 03:57 PM 9/18/97 -0700, Roy T. Fielding wrote:
>I did respond to Jim (and a few other Dienst folks) last year, and my
>response was quite clear about why it is NOT a bug in Apache.  It was
>a deliberate plug of a security hole in some broken CGI scripts.
>We didn't "fix" the problem because we didn't want to reintroduce the
>security hole.
>We should find another way to avoid the security hole, but they could
>have just as easily (and more correctly) avoided using %2F in Dienst.
>That is why it was not a priority.

Is this bug in any of the CGI scripts in 1.2.4?


"it's a big world, with lots of records to play." - sig

View raw message