https://bz.apache.org/bugzilla/show_bug.cgi?id=66599
Eric Covener <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #6 from Eric Covener <[email protected]> --- The repeating "add path info postfix" is related to the missing file, the remainder of the URL is treated as PATH_INFO. The config indirectly continually adds uppercase characters during the scan for uppercase characters. for the functional issue, use the internal tolower rewritemap. I believe the answer on [email protected] would be that it requires the attacker to have write access to the config (incl htaccess) and we would not consider it a vulnerability. This case may be inadvertent but it's not idiomatic at all. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
