>Number: 863
>Category: mod_auth-any
>Synopsis: Server bypass .htaccess files authorization configuration in
>access.conf file.
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Mon Jul 14 07:50:00 1997
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: apache-1.2.1
>Environment:
SunOS vader 5.5.1 Generic_103640-08 sun4u sparc, gcc-2.7.2.2 compiler.
>Description:
The serve bypass the authorization .htaccess file as well as the configuration
in the access.conf file. The same configuration and .htaccess file works if
configure in public_html directory.
>How-To-Repeat:
http://www2.ed.gov/Programs/setform/
>Fix:
No
>Audit-Trail:
>Unformatted:
