| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040203233742.15063.qmail@www.securityfocus.com> Date: 3 Feb 2004 23:37:42 -0000 From: langtuhaohoa caothuvolam <trungonly@...oo.com> To: bugtraq@...urityfocus.com Subject: Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47) In-Reply-To: <20040203063933.12546429.nd@...lig.de> >From: =?ISO-8859-15?Q?Andr=E9?= Malo <nd@...lig.de> > > >Deny from all (in conclusion with some other) denies HTTP access on some >criteria. It doesn't suppose to protect against access from inside the >server. > Deny From All: In this way they can access from outside the server. AllowOverride FileInfo (only): Apache must suppose to protect against .htaccess override from inside the server. In fact, Apache should check for config permission again in the ap_process_request_internal() function. > >> I post this issue in the public mailing list, because I think this >> vuln is not exploitable by a remote attacker. If something were >> wrong, drop a line to me. > >Next time, try a user support forum first. Thanks. > >nd > I think it's a vuln, in fact I confirmed someones for that. Then I post it into a bug-tracker list instead of in a user support forum. Thanks for your comment.
Powered by blists - more mailing lists