not acked
--- Begin Message ---
Dear Apache Security Team,
I would like to report the following security bug we have found.
We have done update on Apache server from 2.0.x to 2.2.x. Afterwards, the root
filesystem was exposed to public. The root cause was the following
misconfigured rewrite rule:
RewriteRule ^(.*) $1 [E=ORDNER:X,E=TOMCAT:http://10.x.x.x/X]
After fixing the rewrite rule the root filesystem was hidden from public as it
should be.
Fixed rule is: RewriteRule ^(.*) -
[E=ORDNER:X,E=TOMCAT:http://10.x.x.x/X]
The following is details of my environment:
OS: Red Hat Enterprise Linux Server release 5.7 (Tikanga) i686
Apache: 2.2.21
Please let me know if you require more information. And advise if you confirm
this security bug.
Best Regards,
------------------------------------------------------
]init[ Middle East - Digital Communication
Rami Ahmad
Professional System Administrator
Abu Dhabi Mall, East Tower, Office No. E103
P.O. Box 109551
Abu Dhabi, U.A.E.
Office: +971 26445560
Mobile: +971 (0)561231587
Fax: +971 26445622
rami.ah...@init.de<mailto:mohamed.lakh...@init.de>
http://www.init.ae<http://www.init.ae/>
]init[ AG fuer digitale Kommunikation – Abu Dhabi Branch
إينيت للإتصال الرقمي شركه مساهمه - فرع أبوظبي
--- End Message ---
