You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/09/10 02:02:08 UTC

DO NOT REPLY [Bug 36588] New: - mod_access security problem

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=36588>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=36588

           Summary: mod_access security problem
           Product: Apache httpd-2.0
           Version: 2.0.54
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_access
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: blfijgnk@no-spam.hu


i can access whole / filesystem through symlink with following configurations:

<Directory /> 
  Order Deny,Allow 
  Deny from all 
</Directory> 
<Directory /home> 
  Order Deny,Allow 
</Directory> 

<VirtualHost *>
        ServerName foo.bar
        DocumentRoot /home/user
</VirtualHost>

ln -s / /home/user/link

http://foo.bar/link

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org