https://bz.apache.org/bugzilla/show_bug.cgi?id=64852

            Bug ID: 64852
           Summary: Leakage of .ht contents
           Product: Apache httpd-2
           Version: 2.4.46
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_access_compat
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Locate the ".htaccess" file in httpd's public directory.

---- start .htaccess ----
satisfy any

order deny,allow
deny from all
allow from 192.168.1.0/24

authtype basic
authuserfile /var/www/html/.htpasswd
authgroupfile /dev/null
authname "authorization required"
require valid-user
--- end .htaccess ----

Usually, a user cannot access the ".htaccess"/".htpasswd" files because of
the configuration, but a user can read ".ht" file contents from the allowed
network (192.168.1.x). If access from outside of allowed network or authorized user.

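An added example (not part of the bug report and not httpd code): a small Python audit that flags an .htaccess body combining `Satisfy Any` with a host-based `Allow from`, the pattern the report says lets the allowed network read ".ht" files. The function names and finding ids are hypothetical; `REPORTED` is the file from the report and `MODERN` is a constructed sample.

```python
# Added example: audit .htaccess text for the pattern described in bug 64852.
COMPAT = {"order", "allow", "deny", "satisfy"}  # mod_access_compat directives

def parse_directives(text):
    """Yield (lineno, name, args), lower-cased: httpd directive names are
    case-insensitive and the report itself writes them in lower case."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":   # skip blanks, comments, <Section> tags
            continue
        name, *args = line.lower().split()
        yield lineno, name, args

def audit(text):
    """Return a list of finding dicts for one .htaccess body."""
    directives = list(parse_directives(text))
    satisfy, satisfy_line = "all", None   # httpd's default is Satisfy All
    hosts = []
    for lineno, name, args in directives:
        if name == "satisfy" and args:
            # Simplification (assumption): the last Satisfy in the file wins.
            satisfy, satisfy_line = args[0], lineno
        elif name == "allow" and args[:1] == ["from"]:
            hosts += args[1:]
    findings = []
    if satisfy == "any" and hosts:
        # Hosts listed here pass access control without authenticating.
        findings.append({"id": "satisfy-any-host-allow",
                         "line": satisfy_line, "hosts": hosts})
    compat_lines = [n for n, name, _ in directives if name in COMPAT]
    if compat_lines:
        findings.append({"id": "access-compat-in-use", "lines": compat_lines})
    return findings

# The .htaccess from the report.
REPORTED = """\
satisfy any

order deny,allow
deny from all
allow from 192.168.1.0/24

authtype basic
authuserfile /var/www/html/.htpasswd
authgroupfile /dev/null
authname "authorization required"
require valid-user
"""
# Constructed sample using only mod_authz_core style directives.
MODERN = "<RequireAny>\n  Require ip 192.168.1.0/24\n  Require valid-user\n</RequireAny>\n"
```
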