You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Andrew Wilson <an...@tees.elsevier.co.uk> on 1995/12/11 14:53:33 UTC
Re: WWW Form Bug Report: "SEVERE: Looping server-include. " on AIX
(fwd)
> Rob wrote:
[#inc virt with a trailing slash...]
David R:
> Well, he shouldn't refer to his file as /links.html/ then!
>
> This is a known feature.
What? Since when has a wide-open denial of service attack hole been a
known feature of this product? 1.0 is severely compromised by this
*BUG* and as a consequence I've had to roll back to .14/.15/.16 or
whichever of the variants doesn't allow Joe.Random abuser to waste my
webservers.
Pay attention.
Ay.