See http://marc.theaimsgroup.com/?l=bugtraq&m=115527423727441&w=2
which basically reports "if you put cgi-bin under docroot then you can view cgi scripts on OS which have case insensitive filesystems" Joe replied: http://marc.theaimsgroup.com/?l=bugtraq&m=115574424402976&w=2 and I submitted that as an "DISPUTED" to CVE But the original reporter disagrees: http://marc.theaimsgroup.com/?l=bugtraq&m=115583509231594&w=2 I think the right response here is to make it more explicit in the documentation that putting a ScriptAlias cgi-bin inside document root is bad. Mark -- Mark J Cox | www.awe.com/mark
