httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] apache vulnerability
Date Wed, 29 Oct 2003 18:50:37 GMT

On Wed, 29 Oct 2003, Asif Iqbal wrote:

>
> Hi All
>
> According to this url
>
> http://www.secunia.com/advisories/10096
>
> mod_alias and mod_rewrite have possible buffer overfolw vulnerabilities "if they
> are configured with a regular expression with more than 9 captures".
> Exploitation requires a specially crafted .htaccess file
>
> How would I know if I am using 9 captures or not ? Sorry for a newbie question

A "capture" in a regular expression, is something between parathesis, as
in (.*) or ([a-z]+).  I'm sure there are VERY few people using more than 9
captures.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message