You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@kiwi.ics.uci.edu> on 1997/09/05 18:43:15 UTC

Re: [linux-security] Security Hole. Appache. (fwd)

>One minor point: Apache handles GET vs. HEAD for scripts. It passes
>REQUEST_METHOD as GET, and cuts off the response after the headers.

Ummm, I don't think so

    table_set (e, "REQUEST_METHOD", r->method);

in util_script.c.

....Roy [who didn't need to scream in agony after all]

Re: [linux-security] Security Hole. Appache. (fwd)

Posted by Alexei Kosut <ak...@organic.com>.

On Fri, 5 Sep 1997, Roy T. Fielding wrote:

> >One minor point: Apache handles GET vs. HEAD for scripts. It passes
> >REQUEST_METHOD as GET, and cuts off the response after the headers.
> 
> Ummm, I don't think so
> 
>     table_set (e, "REQUEST_METHOD", r->method);
> 
> in util_script.c.

Oops. Yes, well I was half right (it does cut off the response, but it
also sends "HEAD").

-- Alexei Kosut <ak...@organic.com>