httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark J Cox <>
Subject CGI Script Source Code Disclosure Vulnerability in Apache for Windows
Date Fri, 18 Aug 2006 09:16:19 GMT

which basically reports "if you put cgi-bin under docroot then you can
view cgi scripts on OS which have case insensitive filesystems"

Joe replied:
and I submitted that as an "DISPUTED" to CVE

But the original reporter disagrees:

I think the right response here is to make it more explicit in the
documentation that putting a ScriptAlias cgi-bin inside document root is

Mark J Cox |

View raw message