[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-bugs
Subject: [Bug 59886] New: httpoxy: shouldn't suexec block the questonable HTTP_ variables
From: bugzilla () apache ! org
Date: 2016-07-19 16:00:23
Message-ID: bug-59886-7868 () https ! bz ! apache ! org/bugzilla/
[Download RAW message or body]
https://bz.apache.org/bugzilla/show_bug.cgi?id=59886
Bug ID: 59886
Summary: httpoxy: shouldn't suexec block the questonable HTTP_
variables
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: blocker
Priority: P2
Component: mod_suexec
Assignee: bugs@httpd.apache.org
Reporter: calestyo@scientia.net
Hey.
In the wake of httpoxy[0] shouldn't suexec also block the problematic HTTP_ env
vars from being passed on?
Right now it seems that anything starting with HTTP_ or SSL_ is passed through
which doesn't seem particularly trustworthy at a first glance.
Cheers,
Chris.
[0] https://httpoxy.org/
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic