---------- Forwarded message ----------
From: "Dufresne, Ronald ()" <[EMAIL PROTECTED]>
Date: Fri, 6 Oct 2000 02:24:47 -0400
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
*** {00.41.008} Cros - Apache mod_rewrite arbitrary file download
A vulnerability in Apache's mod_rewrite module lets a remote attacker
download files (using '..' notaiton) from the system if you configure
mod_rewrite to use physical paths.
A patch is available at:
http://archives.neohapsis.com/archives/bugtraq/2000-09/0362.html
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
