You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Eric Covener <co...@gmail.com> on 2014/11/20 01:16:14 UTC

Fwd: [Bug 57204] New: LuaAuthzProvider mixes up parsed require arguments when used multiple times

CVE worthy?

(sent to dev@ since it's mild and already discussed publically)


---------- Forwarded message ----------
From:  <bu...@apache.org>
Date: Wed, Nov 12, 2014 at 9:52 AM
Subject: [Bug 57204] New: LuaAuthzProvider mixes up parsed require
arguments when used multiple times
To: bugs@httpd.apache.org


https://issues.apache.org/bugzilla/show_bug.cgi?id=57204

            Bug ID: 57204
           Summary: LuaAuthzProvider mixes up parsed require arguments
                    when used multiple times
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_lua
          Assignee: bugs@httpd.apache.org
          Reporter: covener@gmail.com

as reported in comments section of the manual anonymously, it looks like the
lua-specific hash used to store the parameters gets mixed up if you define 1
provider but use it with multiple require arguments.


original:

http://httpd.apache.org/docs/trunk/mod/mod_lua.html#comment_3245

--
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org



-- 
Eric Covener
covener@gmail.com

Fwd: [Bug 57204] New: LuaAuthzProvider mixes up parsed require arguments when used multiple times

Posted by Eric Covener <co...@gmail.com>.

Mark, can you allocate a CVE for this? It is already public.


---------- Forwarded message ----------
From: Eric Covener <co...@gmail.com>
Date: Wed, Nov 19, 2014 at 7:16 PM
Subject: Fwd: [Bug 57204] New: LuaAuthzProvider mixes up parsed
require arguments when used multiple times
To: Apache HTTP Server Development List <de...@httpd.apache.org>


CVE worthy?

(sent to dev@ since it's mild and already discussed publically)


---------- Forwarded message ----------
From:  <bu...@apache.org>
Date: Wed, Nov 12, 2014 at 9:52 AM
Subject: [Bug 57204] New: LuaAuthzProvider mixes up parsed require
arguments when used multiple times
To: bugs@httpd.apache.org


https://issues.apache.org/bugzilla/show_bug.cgi?id=57204

            Bug ID: 57204
           Summary: LuaAuthzProvider mixes up parsed require arguments
                    when used multiple times
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_lua
          Assignee: bugs@httpd.apache.org
          Reporter: covener@gmail.com

as reported in comments section of the manual anonymously, it looks like the
lua-specific hash used to store the parameters gets mixed up if you define 1
provider but use it with multiple require arguments.


original:

http://httpd.apache.org/docs/trunk/mod/mod_lua.html#comment_3245

--
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org



--
Eric Covener
covener@gmail.com


-- 
Eric Covener
covener@gmail.com