You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Ulrich Babiak <ub...@no_Sp*m_WaNted.netcologne.de> on 1998/05/13 11:27:29 UTC

general/2223: CGI mime-type included by default

>Number:         2223
>Category:       general
>Synopsis:       CGI mime-type included by default
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Wed May 13 02:30:00 PDT 1998
>Last-Modified:
>Originator:     ubabiak@no_Sp*m_WaNted.netcologne.de
>Organization:
apache
>Release:        1.3.b6
>Environment:
This suggestion concerns every platform
>Description:
The new mime.types file in the 1.3-Distribution includes the
"application/x-httpd-cgi         cgi"
entry. If user home directories are allowed, then this might lead
to unwanted cgi execution by any user.
>How-To-Repeat:

>Fix:
remove "application/x-httpd-cgi         cgi" from default mime.types file
in distribution
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]