5531406 2000-09-29  18:47  /46 rader/ Brevbäraren (som är implementerad i) Python
Mottagare: Bugtraq (import) <13002>
Ärende: Security vulnerability in Apache mod_rewrite
------------------------------------------------------------
From: Kevin van der Raad <k.van.der.raad@ITSEC.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <39D4714F.1494DAF9@itsec.nl>

Hi,

We stumbled across the following article and did not see this issue
here in Bugtraq:


>
> http://www.apacheweek.com/issues/00-09-22
>
> Security vulnerability in mod_rewrite
>
> The Apache development list this week contains a fix for a security issue that affects previous
> versions of Apache, including Apache 1.3.12. Apache is only vulnerable if you use mod_rewrite
> and a specific case of the directive RewriteRule. If the result of a RewriteRule is a filename
> that contains regular expression references then an attacker may be able to access any
> file on the web server.
>
> Here are some example RewriteRule directives. The first is vulnerable, but the others are not
>
> 	RewriteRule    /test/(.*)		/usr/local/data/test-stuff/$1
> 	RewriteRule    /more-icons/(.*)		/icons/$1
> 	RewriteRule    /go/(.*)			http://www.apacheweek.com/$1
>
> The patch is currently being tested and will be part of the release of Apache 1.3.13. Until
> then, users should check their configuration files and not use rules that map to a filename
> such as the first example above.
>


--

Kevin van der Raad <mailto:k.van.der.raad@itsec.nl>

ITsec Nederland B.V. <http://www.itsec.nl>
Exploit & Vulnerability Alerting Service

P.O. box 5120
NL 2000 GC Haarlem
Tel +31(0)23 542 05 78
Fax +31(0)23 534 54 77
(5531406) ------------------------------------------(Ombruten)