httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: MAJOR SECURITY-PROBLEM Apache 2.4.6
Date Wed, 01 Oct 2014 18:19:17 GMT
On Wed, Oct 1, 2014 at 2:16 PM, Eric Covener <> wrote:

> To me, this does not exonerate mod_php, it implicates it.  I suspect your
> source code is served because PHP swallowed the LimitRequestBody​ and then
> passed control back to Apache.  I'm fairly certain I responded to you
> privately with similar information already.

​I should add that I don't understand your scenario completely, where the
file is not processed.​ I think my own test result was the same as Yehuda
ITT which is not the same as what I just described with the default handler
taking over.

View raw message