You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/09/12 12:53:43 UTC

DO NOT REPLY [Bug 35256] - %2F will be decoded in PATH_INFO (Documentation to AllowEncodedSlashes says no decoding will be done)

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35256>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=35256


rahul@sun.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         OS/Version|Windows 2000                |All




------- Additional Comments From rahul@sun.com  2007-09-12 03:53 -------
Reproducible on Trunk. (2.3-HEAD)
ProxyPass does not have any effect on this issue.
It can be reproduced on default apache install, and having
 "AllowEncodedSlashes On"

1) Using '\' -> %5c
|(echo "GET /cgi-bin/printenv/my%5cparam HTTP/1.0\n\n" ;sleep 1) | telnet 
agneyam 8080
Trying 129.158.224.203...
Connected to agneyam.india.sun.com.
Escape character is '^]'.
HTTP/1.1 200 OK
Date: Wed, 12 Sep 2007 10:42:09 GMT
Server: Apache/2.3.0-dev (Unix)
Connection: close
Content-Type: text/plain; charset=iso-8859-1

DOCUMENT_ROOT="/space/store/httpd/htdocs"
GATEWAY_INTERFACE="CGI/1.1"
PATH="/bin:/usr/bin"
PATH_INFO="/my\param"
PATH_TRANSLATED="/space/store/httpd/htdocs/my\param"
QUERY_STRING=""
REMOTE_ADDR="129.158.224.78"
REMOTE_PORT="50617"
REQUEST_METHOD="GET"
REQUEST_URI="/cgi-bin/printenv/my%5cparam"
SCRIPT_FILENAME="/space/store/httpd/cgi-bin/printenv"
SCRIPT_NAME="/cgi-bin/printenv"
SERVER_ADDR="129.158.224.203"
SERVER_ADMIN="you@example.com"
SERVER_NAME="agneyam"
SERVER_PORT="80"
SERVER_PROTOCOL="HTTP/1.0"
SERVER_SIGNATURE=""
SERVER_SOFTWARE="Apache/2.3.0-dev (Unix)"
TZ="Asia/Calcutta"

2) Using '/' -> %2f
|(echo "GET /cgi-bin/printenv/my%2fparam HTTP/1.0\n\n" ;sleep 1) | telnet 
agneyam 8080 
Trying 129.158.224.203...
Connected to agneyam.india.sun.com.
Escape character is '^]'.
HTTP/1.1 200 OK
Date: Wed, 12 Sep 2007 10:43:38 GMT
Server: Apache/2.3.0-dev (Unix)
Connection: close
Content-Type: text/plain; charset=iso-8859-1

DOCUMENT_ROOT="/space/store/httpd/htdocs"
GATEWAY_INTERFACE="CGI/1.1"
PATH="/bin:/usr/bin"
PATH_INFO="/my/param"
PATH_TRANSLATED="/space/store/httpd/htdocs/my/param"
QUERY_STRING=""
REMOTE_ADDR="129.158.224.78"
REMOTE_PORT="59458"
REQUEST_METHOD="GET"
REQUEST_URI="/cgi-bin/printenv/my%2fparam"
SCRIPT_FILENAME="/space/store/httpd/cgi-bin/printenv"
SCRIPT_NAME="/cgi-bin/printenv"
SERVER_ADDR="129.158.224.203"
SERVER_ADMIN="you@example.com"
SERVER_NAME="agneyam"
SERVER_PORT="80"
SERVER_PROTOCOL="HTTP/1.0"
SERVER_SIGNATURE=""
SERVER_SOFTWARE="Apache/2.3.0-dev (Unix)"
TZ="Asia/Calcutta"


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org