https://bz.apache.org/bugzilla/show_bug.cgi?id=69199
Bug ID: 69199
Summary: Fix for CVE-2024-38474 also blocks %3f in ignored query string
Product: Apache httpd-2
Version: 2.4.60
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_rewrite
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
This is similar to bug 69197.
Virtual Host configuration:
RewriteRule ^/a$ /b?x=1 [R=302,L]
This request is answered with status code 403:
http://localhost/a?y=%3f
So the request is blocked because the original request URL contains "%3f" and
the new URL contains a "?". But this rewrite rule does not use the query string
of the original request at all. The new URL contains a "?" because there is a
"?" in the substitution string "/b?x=1". mod_rewrite is too strict here.