>Number: 840 >Category: mod_include >Synopsis: Bogus error_log entry >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache (Apache HTTP Project) >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Jul 8 08:10:02 1997 >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.0 >Environment: Linux 2.0 i586 >Description: If someones uses (by mistake) something like this:
<!--#exec cmd="/path/to/dir"--> the following entry appears in the error_log: "/bin/sh: /path/to/dir: is a directory" Without a leading date-entry and without a clue what include the invalid CGI reference contains. This also happens if the command is not executable (due to permissions). >How-To-Repeat: >Fix: Use stat on the supplied command-path and check permisions before calling /bin/sh >Audit-Trail: >Unformatted:
