You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/09/10 02:02:08 UTC
DO NOT REPLY [Bug 36588] New: -
mod_access security problem
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=36588>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=36588
Summary: mod_access security problem
Product: Apache httpd-2.0
Version: 2.0.54
Platform: Other
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P2
Component: mod_access
AssignedTo: bugs@httpd.apache.org
ReportedBy: blfijgnk@no-spam.hu
i can access whole / filesystem through symlink with following configurations:
<Directory />
Order Deny,Allow
Deny from all
</Directory>
<Directory /home>
Order Deny,Allow
</Directory>
<VirtualHost *>
ServerName foo.bar
DocumentRoot /home/user
</VirtualHost>
ln -s / /home/user/link
http://foo.bar/link
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org