Posted to cvs@httpd.apache.org by st...@apache.org on 2002/04/19 20:37:05 UTC
cvs commit: apache-1.3/src CHANGES
stoddard 02/04/19 11:37:05
Modified: src CHANGES
Log:
Flag this a bit more clearly as a security issue...
Revision Changes Path
1.1808 +2 -1 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1807
retrieving revision 1.1808
diff -u -r1.1807 -r1.1808
--- CHANGES 19 Apr 2002 11:15:18 -0000 1.1807
+++ CHANGES 19 Apr 2002 18:37:05 -0000 1.1808
@@ -34,7 +34,8 @@
*) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
directives were improperly terminated. [Cliff Woolley]
- *) Introduce proper escaping of command.com and cmd.exe for Win32.
+ *) Win32 Security: CAN-2002-0061
+ Introduce proper escaping of command.com and cmd.exe for Win32.
These patches close vulnerability CAN-2002-0061, identified and
reported by Ory Segal <or...@sanctuminc>, by which any CGI
invocation of .bat or .cmd files could compromise the system
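Review bot: The new heading line "Win32 Security: CAN-2002-0061" makes the entry stand out in CHANGES, but the commit log ("Flag this a bit more clearly as a security issue...") does not name the identifier, so a search of the CVS history for CAN-2002-0061 will not find this revision; consider repeating the identifier in the log message. Within the entry the identifier now appears twice, once in the heading and once in "These patches close vulnerability CAN-2002-0061", so the second mention could be reduced to "this vulnerability" without losing anything.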