You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Jerry Walsh <je...@nitroweb.net> on 2001/02/05 15:34:18 UTC
mod_negotiation/7193: MultiViews causes script dump?
>Number: 7193
>Category: mod_negotiation
>Synopsis: MultiViews causes script dump?
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Feb 05 06:40:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: jerry@nitroweb.net
>Release: 1.3.14
>Organization:
apache
>Environment:
FreeBSD 4.2-STABLE FreeBSD 4.2-STABLE #0: Tue Jan 16 10:49:04 GMT 2001
FreeBSD 3.5-STABLE FreeBSD 3.5-STABLE #0: Wed Jan 24 10:15:12 GMT 2001
>Description:
Hello,
I did not test this alot
but i managed to reproduce it on the above envoirnments
Basically
my cgi-bin's are all in:
/www/CGI-BIN
For this directory if i use:
<Directory /www/CGI-BIN/>
Options MultiViews
</Directory>
Restart apache and then run a cgi script
lets say
http://search.apache.org/index.cgi
The script runs - no problems
but if i do:
http://search.apache.org/index
I get the source code of the cgi
(NOTE i am using search.apache.org as an EXAMPLE - it does NOT work here)
If i removed MultiViews from the options this fixes the problem.
I tried this with the CGI-BIN inside and outside the webroot - both displayed the cgi source code when MultiViews was enabled.
Can you tell me what's going on here?
is this a known bug?
>How-To-Repeat:
# mkdir -p /www/WWW/your-host.com
Put the following in your config file:
<Directory "/www/WWW/">
Options MultiViews
</Directory>
<VirtualHost Your-host.com>
ScriptAlias /cgi-bin/ "/www/WWW/cgi-bin/"
DocumentRoot /www/WWW/your-host.com/
ServerName your-host.com
</VirtualHost>
put a cgi script in the cgi-bin for your-host.com
check to see if it runs
if it does
then access the cgi script WITHOUT its extension.
>Fix:
Remove MultiViews from your options?
>Release-Note:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]