Bugtraq: Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)

From: André Malo <nd () perlig de>
Date: Tue, 3 Feb 2004 06:39:33 +0100

* Vietnamese Security Group <security () security com vn> wrote:

[snakeoil]

Event if the server does not allow any file parsed (Deny From All), 
the script file fetch.php will still be executed, and it includes 
again and parses any other files in a same directory, which 
indecated by the query variables, to the web client.


Deny from all (in conclusion with some other) denies HTTP access on some
criteria. It doesn't suppose to protect against access from inside the
server.

I post this issue in the public mailing list, because I think this 
vuln is not exploitable by a remote attacker. If something were 
wrong, drop a line to me.


Next time, try a user support forum first. Thanks.

nd

By Date By Thread

Current thread:

BUG IN APACHE HTTPD SERVER (current version 2.0.47) Vietnamese Security Group (Feb 02)
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47) André Malo (Feb 03)
- <Possible follow-ups>
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47) Vietnamese Security Group (Feb 03)
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47) langtuhaohoa caothuvolam (Feb 04)
  - Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47) André Malo (Feb 04)
    - Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47) Dan Yefimov (Feb 05)
    - Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47) Seth Arnold (Feb 06)