>Number: 497
>Category: mod_negotiation
>Synopsis: cgi-bin negotiation bug -> Security hole
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Apr 28 12:30:01 1997
>Originator: [EMAIL PROTECTED]
>Organization: apache
>Release: 1.2b8
>Environment: AIX/Solaris, 4.x,2.5.x, gcc, etc.
>Description:
If content-negotiation is turned on generally, and a cgi program (say foo.cgi) is called unqualified, say as /cgi-bin/foo, it loses its script-ness, and returns the source code as text/html!!
>How-To-Repeat:
Find a script named foo.cgi on a machine with content-neg on, and call it as foo ... yikes!
>Fix:
This is obviously pretty bad. I will turn off negotiation in cgi-bin dirs, and I think something like <Files ~ .cgi|.pl> -ContentNegotiation (or whatever the syntax is) will plug the hole generally, but what happens if there are alternate versions of a script, eg foo.cgi.es|en ? Seems like maybe mod_negotiation should be moved the other side of mod_cgi in the Makefile?? I don't know what that might affect though...
>Audit-Trail:
>Unformatted:
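
An added example, not part of the original report or of Apache's code: a local audit that lists which request names in a script directory would be resolved by filename-pattern negotiation (a request for `foo` matching `foo.*`), including the `foo.cgi.es`/`foo.cgi.en` case raised under Fix. The function names, the extension set and the sample listing are constructed; the assumed matching rule is that negotiation applies only when no file with the exact requested name exists.

```python
import os

# Extensions treated as scripts; .cgi and .pl are the ones named in the report.
SCRIPT_EXTS = {"cgi", "pl"}


def negotiable_script_names(filenames, script_exts=SCRIPT_EXTS):
    """Map each shortened request name to the script files that pattern
    matching (request 'foo' -> files 'foo.*') could select for it.

    A name is reported only if no file with exactly that name exists
    (assumption: negotiation is tried only when the requested file is missing).
    """
    present = set(filenames)
    exposed = {}
    for name in sorted(present):
        parts = name.split(".")
        # A file counts as a script if any of its extensions is a script
        # extension: covers foo.cgi and language variants like foo.cgi.es.
        if not any(p.lower() in script_exts for p in parts[1:]):
            continue
        # Every proper dot-prefix is a request name that 'prefix.*' matches.
        for i in range(1, len(parts)):
            prefix = ".".join(parts[:i])
            if prefix and prefix not in present:
                exposed.setdefault(prefix, []).append(name)
    return exposed


def audit_directory(path):
    """Run the same check on a real directory (regular files only)."""
    names = [n for n in os.listdir(path)
             if os.path.isfile(os.path.join(path, n))]
    return negotiable_script_names(names)


if __name__ == "__main__":
    # Constructed listing of a cgi-bin directory, not taken from the report.
    sample = ["foo.cgi", "bar.pl", "form.cgi.es", "form.cgi.en",
              "search", "search.cgi", "logo.gif"]
    for request, files in sorted(negotiable_script_names(sample).items()):
        print(f"/cgi-bin/{request} -> {', '.join(files)}")
```

Each name it reports is one to request against a test server with negotiation enabled, checking that the response is script output rather than script source.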