Security Issue in Default Appache Configuration; Good Day Guys!
There is currently a bug in the default security settings for apache as shipped w/ 9.2 which allow a user to proxy information through the webserver, without any form of authentication. See exert of exploit below. I'm wondering how I can easily modify my httpd.conf file to remove this "feature"? I'm afraid I really don't understand what mode/module has been loaded to allow it to do this. Nelson $ telnet nkacedsl.gta.igs.net 80 Trying 216.58.89.253... Connected to nkacedsl.gta.igs.net. Escape character is '^]'. POST http://irc.mircx.com:6667/ HTTP/1.0 Content-type: text/plain Content-length: 5 quit HTTP/1.1 200 OK Date: Mon, 06 Oct 2003 20:03:01 GMT Server: Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6mdk) mod_perl/1.99_09 Perl/v5.8.1 PHP/4.3.2 Connection: close Content-Type: text/plain :irc.mircx.com NOTICE AUTH :*** Looking up your hostname...:irc.mircx.com NOTICE AUTH :*** Checking Ident :irc.mircx.com NOTICE AUTH :*** Found your hostname :irc.mircx.com NOTICE AUTH :*** No Ident response ERROR :Closing Link: 0.0.0.0 (Quit: ) Connection closed by foreign host. -- Nelson Bartley <[EMAIL PROTECTED]>
