Bug#517377: apache 1.3 shows perl script source in iphone-browser
In case of a normal Firefox access: +0100] "GET /wol/ HTTP/1.1" 304 - "https://proxy.xyz.ch/"; "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5" In case of the iphone-acess: +0100] "GET /wol HTTP/1.1" 301 269 "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_2_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5H11 Safari/525.20" -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#517377: apache 1.3 shows perl script source in iphone-browser
Package: apache Version: 1.3.34-4.1+etch1 Severity: grave When a script called "index.cgi" is the directory-index in apache 1.3 and this script is accessed using the iphone browser, apache shows the script source of the perl script, even if the perl script is correctly being executed when accessed with any other browser. This might expose passwords and might be a severe security issue. I am using Debian GNU/Linux 4.0 Etch, kernel 2.6.18-6-vserver-686 -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org