Bugtraq mailing list archives
Security vulnerability in Apache mod_rewrite
From: Kevin van der Raad <k.van.der.raad () itsec nl>
Date: Fri, 29 Sep 2000 12:39:11 +0200
Hi,

We stumbled across the following article and did not see this issue here in Bugtraq:

http://www.apacheweek.com/issues/00-09-22

Security vulnerability in mod_rewrite

The Apache development list this week contains a fix for a security issue that affects previous versions of Apache, including Apache 1.3.12. Apache is only vulnerable if you use mod_rewrite and a specific case of the directive RewriteRule. If the result of a RewriteRule is a filename that contains regular expression references then an attacker may be able to access any file on the web server.

Here are some example RewriteRule directives. The first is vulnerable, but the others are not:

    RewriteRule /test/(.*) /usr/local/data/test-stuff/$1
    RewriteRule /more-icons/(.*) /icons/$1
    RewriteRule /go/(.*) http://www.apacheweek.com/$1

The patch is currently being tested and will be part of the release of Apache 1.3.13. Until then, users should check their configuration files and not use rules that map to a filename such as the first example above.
--
Kevin van der Raad <mailto:k.van.der.raad () itsec nl>
ITsec Nederland B.V. <http://www.itsec.nl>
Exploit & Vulnerability Alerting Service
P.O. box 5120
NL 2000 GC Haarlem
Tel +31(0)23 542 05 78
Fax +31(0)23 534 54 77
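The configuration check the article recommends can be scripted. The following is an added example, not part of the original post or of Apache's own tooling: it flags RewriteRule directives whose substitution both contains a `$N` back-reference and maps to a filename. It assumes the caller supplies `fs_roots`, the top-level directories that exist on the server, to tell a filename such as `/usr/...` from a URL path such as `/icons/...`; the function names and that parameter are hypothetical.

```python
import re

# Matches "RewriteRule <pattern> <substitution>" on one line (unquoted arguments).
RULE_RE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)', re.IGNORECASE)
BACKREF_RE = re.compile(r'\$\d')  # $0..$9 regular expression references
URL_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def maps_to_filename(substitution, fs_roots):
    """True if the substitution looks like a filesystem path.

    Assumption: fs_roots lists the top-level directories present on the
    server; a substitution whose first path segment is one of them is
    treated as a filename rather than a URL path.
    """
    if URL_RE.match(substitution) or not substitution.startswith('/'):
        return False
    first_segment = substitution.lstrip('/').split('/', 1)[0]
    return first_segment in fs_roots


def audit_rewrite_rules(config_text, fs_roots):
    """Return (line_number, directive) for every rule that needs review."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = RULE_RE.match(line)  # comment lines never match
        if not match:
            continue
        substitution = match.group(2)
        if BACKREF_RE.search(substitution) and maps_to_filename(substitution, fs_roots):
            findings.append((number, line.strip()))
    return findings


# Constructed sample: the three directives quoted in the article.
SAMPLE_CONFIG = """\
RewriteEngine on
RewriteRule /test/(.*) /usr/local/data/test-stuff/$1
RewriteRule /more-icons/(.*) /icons/$1
RewriteRule /go/(.*) http://www.apacheweek.com/$1
"""

if __name__ == '__main__':
    for number, directive in audit_rewrite_rules(SAMPLE_CONFIG, {'usr', 'var', 'home'}):
        print(f'line {number}: review {directive}')
```

On the sample, only the first directive is reported.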