httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: cvs commit: httpd-2.0/docs/manual/vhosts fd-limits.html.en
Date Sun, 16 Jun 2002 22:55:45 GMT
Tony Finch wrote:
> On Sat, Jun 15, 2002 at 10:15:17PM -0400, Joshua Slive wrote:

>>I guess you can put pretty much whatever you like in the Host: header. 
>>It is not a major security whole, in my opinion, but it is better not 
>>allowed.  Cliff just checked in a fix to get rid of the problem in 
>>httpd-2.0.
> 
> 
> Before this hole was fixed in 1.3 it exposed the password file etc.

I don't believe so.  You could only write to files with the .log extension.

Joshua.


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message