httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Asif Iqbal <>
Subject [users@httpd] apache vulnerability
Date Wed, 29 Oct 2003 18:37:49 GMT

Hi All

According to this url

mod_alias and mod_rewrite have possible buffer overfolw vulnerabilities "if they
are configured with a regular expression with more than 9 captures".
Exploitation requires a specially crafted .htaccess file

How would I know if I am using 9 captures or not ? Sorry for a newbie question

Thanks a lot

Asif Iqbal
There's no place like

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message