You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@kiwi.ics.uci.edu> on 1997/09/05 18:43:15 UTC
Re: [linux-security] Security Hole. Appache. (fwd)
>One minor point: Apache handles GET vs. HEAD for scripts. It passes
>REQUEST_METHOD as GET, and cuts off the response after the headers.
Ummm, I don't think so
table_set (e, "REQUEST_METHOD", r->method);
in util_script.c.
....Roy [who didn't need to scream in agony after all]
Re: [linux-security] Security Hole. Appache. (fwd)
Posted by Alexei Kosut <ak...@organic.com>.
On Fri, 5 Sep 1997, Roy T. Fielding wrote:
> >One minor point: Apache handles GET vs. HEAD for scripts. It passes
> >REQUEST_METHOD as GET, and cuts off the response after the headers.
>
> Ummm, I don't think so
>
> table_set (e, "REQUEST_METHOD", r->method);
>
> in util_script.c.
Oops. Yes, well I was half right (it does cut off the response, but it
also sends "HEAD").
-- Alexei Kosut <ak...@organic.com>