httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dean gaudet <>
Subject apache-1.3.20 segfault?
Date Thu, 20 Sep 2001 22:20:06 GMT
hrm, is the segfault described below a known bug?  (i haven't tried it...)


---------- Forwarded message ----------
From: Jeff Moe <>
Subject: Re: Serous TUX 2.4.9-J5 problem
List-Subscribe: <>,
List-Archive: <>
Date: Thu, 20 Sep 2001 13:54:30 -0600

On Thursday 20 September 2001 10:42 am, Nathan G. Grennan wrote:
>I restarted Tux fresh and telneted to port 80 and pasted the line in and
> sure enough it instantly crashed. I believe the line I used was:
> GET /scripts /..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0

Apache 1.3.20 (and presumably earlier) has a similar bug. I noticed this
during the recent worming. It may be related to Tux's problem. Here's how to
reproduce it in Apache:

1) You need to redirect 404s to a 404 document:
ErrorDocument 404 /fourofour.shtml
2) You need be parsing that file:
AddHandler server-parsed .shtml
3) You need to send it a request like:

Apache will Segfault and you'll get a "Document returned no data error" in
the browser.


tux-list mailing list

View raw message