---------- Forwarded message ---------- From: Kevin van der Raad <[EMAIL PROTECTED]> Subject: Security vulnerability in Apache mod_rewrite Resent-Subject: Security vulnerability in Apache mod_rewrite Organization: ITsec Nederland B.V. Date: Fri, 29 Sep 2000 12:39:11 +0200 To: [EMAIL PROTECTED] Hi, We stumbled across the following article and did not see this issue here in Bugtraq: > > http://www.apacheweek.com/issues/00-09-22 > > Security vulnerability in mod_rewrite > > The Apache development list this week contains a fix for a security issue that >affects previous > versions of Apache, including Apache 1.3.12. Apache is only vulnerable if you use >mod_rewrite > and a specific case of the directive RewriteRule. If the result of a RewriteRule is >a filename > that contains regular expression references then an attacker may be able to access >any > file on the web server. > > Here are some example RewriteRule directives. The first is vulnerable, but the >others are not > > RewriteRule /test/(.*) /usr/local/data/test-stuff/$1 > RewriteRule /more-icons/(.*) /icons/$1 > RewriteRule /go/(.*) http://www.apacheweek.com/$1 > > The patch is currently being tested and will be part of the release of Apache >1.3.13. Until > then, users should check their configuration files and not use rules that map to a >filename > such as the first example above. > -- Kevin van der Raad <mailto:[EMAIL PROTECTED]> ITsec Nederland B.V. <http://www.itsec.nl> Exploit & Vulnerability Alerting Service P.O. box 5120 NL 2000 GC Haarlem Tel +31(0)23 542 05 78 Fax +31(0)23 534 54 77 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
