httpd-dev mailing list archives

From dean gaudet <d...@arctic.org>
Subject apache-1.3.20 segfault?
Date Thu, 20 Sep 2001 22:20:06 GMT
hrm, is the segfault described below a known bug?  (i haven't tried it...)

-dean

---------- Forwarded message ----------
From: Jeff Moe <tux@themoes.org>
To: tux-list@redhat.com
Subject: Re: Serous TUX 2.4.9-J5 problem
Reply-To: tux-list@redhat.com
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/tux-list>,
	<mailto:tux-list-request@redhat.com?subject=subscribe>
List-Archive: <https://listman.redhat.com/mailman/private/tux-list/>
Date: Thu, 20 Sep 2001 13:54:30 -0600

On Thursday 20 September 2001 10:42 am, Nathan G. Grennan wrote:
[Chop]
> I restarted Tux fresh and telnetted to port 80 and pasted the line in and
> sure enough it instantly crashed. I believe the line I used was:
>
> GET /scripts /..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0

Apache 1.3.20 (and presumably earlier) has a similar bug. I noticed this
during the recent worming. It may be related to Tux's problem. Here's how to
reproduce it in Apache:

1) You need to redirect 404s to a 404 document:
ErrorDocument 404 /fourofour.shtml
2) You need to be parsing that file:
AddHandler server-parsed .shtml
3) You need to send it a request like:
http://server.com/test%2fing

Apache will segfault and you'll get a "Document returned no data error" in
the browser.

-Jeff



_______________________________________________
tux-list mailing list
tux-list@redhat.com
https://listman.redhat.com/mailman/listinfo/tux-list
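
Added example, not part of the original messages: a small log check for the request shape both reports have in common, a percent-encoded slash in the URL path (%2f, or %252f when double-encoded). The log lines, addresses, status codes and function names are constructed for illustration, and Common Log Format is assumed.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>.+) (?P<proto>HTTP/\d\.\d)" (?P<status>\d{3})'
)
MAX_DEPTH = 3  # rounds of percent-decoding to try (assumption: deeper nesting is not examined)


def encoded_slash_depth(target):
    """Return the decoding round (1, 2, ...) at which a hidden '/' or '\\'
    appears in the path, or 0 if decoding never reveals a new separator."""
    path = target.split("?", 1)[0]          # the query string is not path data
    for depth in range(1, MAX_DEPTH + 1):
        decoded = unquote(path)
        if decoded == path:                 # nothing left to decode
            return 0
        before = path.count("/") + path.count("\\")
        after = decoded.count("/") + decoded.count("\\")
        if after > before:                  # a separator was hidden by encoding
            return depth
        path = decoded
    return 0


def scan(lines):
    """Return (line_number, depth, status, target) for each flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        depth = encoded_slash_depth(match["target"])
        if depth:
            findings.append((number, depth, match["status"], match["target"]))
    return findings


# Constructed sample input; request targets 2 and 3 are the ones quoted in the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Sep/2001:13:50:01 -0600] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.11 - - [20/Sep/2001:13:50:07 -0600] "GET /test%2fing HTTP/1.0" 404 278',
    '192.0.2.12 - - [20/Sep/2001:13:50:09 -0600] "GET /scripts /..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 278',
    '192.0.2.13 - - [20/Sep/2001:13:50:12 -0600] "GET /a%20b.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, depth, status, target in scan(SAMPLE_LOG):
        print(f"line {number}: encoded slash at decode depth {depth}, status {status}: {target}")
```

An ordinary escape such as %20 is not flagged; only encodings that hide a path separator are reported, along with how many decoding rounds it took to expose it.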

