You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Eric Covener <co...@gmail.com> on 2014/11/20 01:16:14 UTC
Fwd: [Bug 57204] New: LuaAuthzProvider mixes up parsed require
arguments when used multiple times
CVE worthy?
(sent to dev@ since it's mild and already discussed publically)
---------- Forwarded message ----------
From: <bu...@apache.org>
Date: Wed, Nov 12, 2014 at 9:52 AM
Subject: [Bug 57204] New: LuaAuthzProvider mixes up parsed require
arguments when used multiple times
To: bugs@httpd.apache.org
https://issues.apache.org/bugzilla/show_bug.cgi?id=57204
Bug ID: 57204
Summary: LuaAuthzProvider mixes up parsed require arguments
when used multiple times
Product: Apache httpd-2
Version: 2.4.10
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_lua
Assignee: bugs@httpd.apache.org
Reporter: covener@gmail.com
as reported in comments section of the manual anonymously, it looks like the
lua-specific hash used to store the parameters gets mixed up if you define 1
provider but use it with multiple require arguments.
original:
http://httpd.apache.org/docs/trunk/mod/mod_lua.html#comment_3245
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
--
Eric Covener
covener@gmail.com
Fwd: [Bug 57204] New: LuaAuthzProvider mixes up parsed require
arguments when used multiple times
Posted by Eric Covener <co...@gmail.com>.
Mark, can you allocate a CVE for this? It is already public.
---------- Forwarded message ----------
From: Eric Covener <co...@gmail.com>
Date: Wed, Nov 19, 2014 at 7:16 PM
Subject: Fwd: [Bug 57204] New: LuaAuthzProvider mixes up parsed
require arguments when used multiple times
To: Apache HTTP Server Development List <de...@httpd.apache.org>
CVE worthy?
(sent to dev@ since it's mild and already discussed publically)
---------- Forwarded message ----------
From: <bu...@apache.org>
Date: Wed, Nov 12, 2014 at 9:52 AM
Subject: [Bug 57204] New: LuaAuthzProvider mixes up parsed require
arguments when used multiple times
To: bugs@httpd.apache.org
https://issues.apache.org/bugzilla/show_bug.cgi?id=57204
Bug ID: 57204
Summary: LuaAuthzProvider mixes up parsed require arguments
when used multiple times
Product: Apache httpd-2
Version: 2.4.10
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_lua
Assignee: bugs@httpd.apache.org
Reporter: covener@gmail.com
as reported in comments section of the manual anonymously, it looks like the
lua-specific hash used to store the parameters gets mixed up if you define 1
provider but use it with multiple require arguments.
original:
http://httpd.apache.org/docs/trunk/mod/mod_lua.html#comment_3245
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
--
Eric Covener
covener@gmail.com
--
Eric Covener
covener@gmail.com