>Number: 5811 >Category: mod_usertrack >Synopsis: search of the cookie name in the cookie string >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Feb 25 15:50:01 PST 2000 >Closed-Date: >Last-Modified: >Originator: [EMAIL PROTECTED] >Release: 1.3.10 >Organization: apache >Environment: Linux neon 2.2.14 #1 Tue Jan 18 21:24:03 CET 2000 i686 unknown
Server version: Apache/1.3.9 (Unix) Server built: Feb 9 2000 16:16:50 Server's Module Magic Number: 19990320:6 Server compiled with.... -D HAVE_MMAP -D HAVE_SHMGET -D USE_SHMGET_SCOREBOARD -D USE_MMAP_FILES -D USE_FCNTL_SERIALIZED_ACCEPT -D HTTPD_ROOT="/usr/local/apache" -D SUEXEC_BIN="/usr/local/apache/bin/suexec" -D DEFAULT_PIDLOG="logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard" -D DEFAULT_LOCKFILE="logs/httpd.lock" -D DEFAULT_XFERLOG="logs/access_log" -D DEFAULT_ERRORLOG="logs/error_log" -D TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" -D ACCESS_CONFIG_FILE="conf/access.conf" -D RESOURCE_CONFIG_FILE="conf/srm.conf" bin/httpd -l Compiled-in modules: http_core.c mod_log_config.c mod_mime_magic.c mod_mime.c mod_negotiation.c mod_cgi.c mod_alias.c mod_rewrite.c mod_expires.c mod_usertrack.c mod_unique_id.c >Description: just use a cookie name very small like 'e=952342324' with another cookie say 'foo=AZeRZRi'. If you are lucky, your browser will give to apache the second cookie first and mod_usertrack will match (strstr) the name 'e' in the value of the first cookie and this is bad. >How-To-Repeat: no example, it is so simple to do it >Fix: should match something like ' e=...' not just 'e' >Release-Note: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
