Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/05/17 14:05:05 UTC

DO NOT REPLY [Bug 9201] New: - Wrong REQUEST_URI with malformed HTTP queries

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9201

           Summary: Wrong REQUEST_URI with malformed HTTP queries
           Product: Apache httpd-1.3
           Version: 1.3.24
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Other
         Component: mod_cgi
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: jhiver@mkdoc.com


REQUEST_URI is supposed to be "the portion of the URL following the scheme 
and host portion" (http://httpd.apache.org/docs/mod/mod_setenvif.html). However, 
it is possible to break this using incorrect HTTP queries.

I have reproduced the bug on Apache 1.3.23 and 1.3.24. This is how you do it:
    telnet your.host.com 80
    HEAD http://your.host.com/ HTTP/1.0

And your REQUEST_URI variable will contain http://your.host.com/. Even worse: 
CGI.pm 2.79's url() method works fine because it doesn't use this variable, but 
CGI.pm 2.80 and upwards do, and thus produce bad URIs.

If you cache the pages that you dynamically generate, it basically means that a 
broken client could break these pages for everyone.

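Added example, not part of the original report and not Apache or CGI.pm code: one way a CGI script can normalise REQUEST_URI before building self-referential URLs or cache keys, so that the absolute-form request line shown in the report yields the same URL as a normal request. The names origin_form and self_url are hypothetical, and the sketch assumes SERVER_NAME holds the server's configured canonical name.

```python
import re
from urllib.parse import urlsplit

# scheme "://" at the very start marks an absolute-form request target
_ABSOLUTE_FORM = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def origin_form(request_uri):
    """Reduce a raw REQUEST_URI to path[?query], whatever form the client sent."""
    if request_uri.startswith("/"):
        # Already origin-form. Returned untouched: passing it to urlsplit
        # would misread a leading "//" as a host name.
        return request_uri
    if _ABSOLUTE_FORM.match(request_uri):
        parts = urlsplit(request_uri)
        path = parts.path or "/"
        return path + ("?" + parts.query if parts.query else "")
    raise ValueError("unsupported request target: %r" % request_uri)


def self_url(environ):
    """Build the script's own URL from server-side values only."""
    scheme = "https" if environ.get("HTTPS", "").lower() == "on" else "http"
    host = environ["SERVER_NAME"]
    port = environ.get("SERVER_PORT", "")
    if port and port != ("443" if scheme == "https" else "80"):
        host += ":" + port
    return "%s://%s%s" % (scheme, host, origin_form(environ["REQUEST_URI"]))


# Constructed CGI environments: the same page requested both ways.
NORMAL = {"SERVER_NAME": "www.example.test", "SERVER_PORT": "80",
          "REQUEST_URI": "/page.cgi?id=7"}
MALFORMED = dict(NORMAL, REQUEST_URI="http://your.host.com/page.cgi?id=7")

if __name__ == "__main__":
    for env in (NORMAL, MALFORMED):
        print(env["REQUEST_URI"], "->", self_url(env))
```

Keying a page cache on the output of self_url rather than on the raw variable keeps a request in the malformed form from storing a page whose links carry the client-supplied host.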