>Number: 2223 >Category: general >Synopsis: CGI mime-type included by default >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: change-request >Submitter-Id: apache >Arrival-Date: Wed May 13 02:30:00 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.b6 >Environment: This suggestion concerns every platform >Description: The new mime.types file in the 1.3-Distribution includes the "application/x-httpd-cgi cgi" entry. If user home directories are allowed, then this might lead to unwanted cgi execution by any user. >How-To-Repeat:
>Fix: remove "application/x-httpd-cgi cgi" from default mime.types file in distribution >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
