See
http://marc.theaimsgroup.com/?l=bugtraq&m=115527423727441&w=2
which basically reports "if you put cgi-bin under docroot then you can
view cgi scripts on OSes which have case-insensitive filesystems"
Joe replied:
http://marc.theaimsgroup.com/?l=bugtraq&m=115574424402976&w=2
and I submitted that as a "DISPUTED" to CVE
But the original reporter disagrees:
http://marc.theaimsgroup.com/?l=bugtraq&m=115583509231594&w=2
I think the right response here is to make it more explicit in the
documentation that putting a ScriptAlias cgi-bin inside document root is
bad.
Mark
--
Mark J Cox | www.awe.com/mark
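One way to audit for the layout this message warns against, as an added example (not code from the thread or from the Apache project): it scans configuration text for `ScriptAlias` targets that sit inside a `DocumentRoot`, comparing paths with case folded because the report concerns case-insensitive filesystems. The sample configuration and function names are constructed for illustration, and every `DocumentRoot` is treated as global rather than scoped to its virtual host.

```python
import posixpath
import shlex

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = '''
DocumentRoot "/var/www/html"
ScriptAlias /cgi-bin/ "/var/www/html/cgi-bin/"
ScriptAlias /tools/ "/usr/lib/cgi-tools/"
# ScriptAlias /old/ "/var/www/html/old/"
<VirtualHost *:80>
    DocumentRoot "/srv/Site"
    ScriptAlias /cgi/ "/srv/site/CGI/"
</VirtualHost>
'''


def _norm(path):
    """Normalise a path and fold case, as a case-insensitive filesystem would."""
    return posixpath.normpath(path).lower()


def _inside(child, parent):
    """True if child is parent itself or lies below it (whole components only)."""
    child, parent = _norm(child), _norm(parent)
    return child == parent or child.startswith(parent.rstrip("/") + "/")


def scriptaliases_under_docroot(conf_text):
    """Return (url_prefix, directory, docroot) for every ScriptAlias whose
    target directory lies inside any DocumentRoot found in conf_text."""
    docroots, aliases = [], []
    for line in conf_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and section tags such as <VirtualHost ...>.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = shlex.split(line)
        name = parts[0].lower()  # directive names are case-insensitive
        if name == "documentroot" and len(parts) >= 2:
            docroots.append(parts[1])
        elif name == "scriptalias" and len(parts) >= 3:
            aliases.append((parts[1], parts[2]))
    return [(url, d, root) for url, d in aliases
            for root in docroots if _inside(d, root)]


if __name__ == "__main__":
    for url, directory, root in scriptaliases_under_docroot(SAMPLE_CONF):
        print(f"ScriptAlias {url} -> {directory} is inside DocumentRoot {root}")
```
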