https://bz.apache.org/bugzilla/show_bug.cgi?id=59772

            Bug ID: 59772
           Summary: "Content Spoofing" via Apache default 404 responses
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: [email protected]
          Reporter: [email protected]

Hi there,

I've seen lots of reports of "Content Spoofing" or "Parameter Tampering"
vulnerabilities in websites that essentially come down to the website sending
the default Apache 404 responses that include the path of the missing URI in
the response body.

Examples:

https://hackerone.com/reports/106350

https://bugzilla.mozilla.org/show_bug.cgi?id=850546


Since this is an Apache default it would help to know whether or not the Apache
team considers the behavior to be a vulnerability.

Your bugzilla instance has the same behavior.
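
The behavior reported above can be checked on a server you operate by testing whether a 404 body echoes the requested path back as visible text. The following is an added example, not part of the bug report or of Apache httpd; the sample bodies are constructed (the first is modelled on the default-style wording) and the function names are hypothetical.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample bodies, not captured from a real server.
DEFAULT_STYLE_404 = (
    "<html><head><title>404 Not Found</title></head><body>"
    "<h1>Not Found</h1>"
    "<p>The requested URL {path} was not found on this server.</p>"
    "</body></html>"
)
STATIC_404 = "<html><body><h1>Not Found</h1><p>No such page.</p></body></html>"


def _squash(text):
    """Collapse runs of whitespace so line wrapping does not hide a match."""
    return re.sub(r"\s+", " ", text).strip()


def visible_text(body):
    """Approximate what a reader sees: drop tags first, then decode entities."""
    without_tags = re.sub(r"<[^>]*>", " ", body)
    return _squash(html.unescape(without_tags))


def reflects_path(request_path, body):
    """True if the body shows the path, either as sent or percent-decoded."""
    text = visible_text(body)
    forms = {_squash(request_path), _squash(unquote(request_path))}
    return any(form and form in text for form in forms)


def render_default_style(request_path):
    """Constructed stand-in for a server that echoes the decoded, escaped path."""
    return DEFAULT_STYLE_404.format(path=html.escape(unquote(request_path)))


if __name__ == "__main__":
    probe = "/probe-7f3a/notice%20text"  # constructed probe path
    for name, body in (("default-style", render_default_style(probe)),
                       ("static", STATIC_404)):
        print(name, "reflects path:", reflects_path(probe, body))
```

A page that reports `True` here repeats request-controlled text to the reader; a fixed error page that does not include the path reports `False`.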
