[Bug 60402] New: ScriptAlias works as Alias when mod_cgi is not load

bugzilla Tue, 22 Nov 2016 08:59:32 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=60402


            Bug ID: 60402
           Summary: ScriptAlias works as Alias when mod_cgi is not load
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_alias
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

ScriptAlias works as if it were Alias when mod_cgi is not load.

This is a security hole as the visitor receives access to CGI files (which may
contain passwords and other secret information), when mod_cgi is not load by
mistake.

Instead ScriptAlias should fail with an error when mod_cgi isn't load.

Apache/2.4.10 (Debian)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 60402] New: ScriptAlias works as Alias when mod_cgi is not load

Reply via email to