[Bug 9201] New: - Wrong REQUEST_URI with malformed HTTP queries

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9201

Summary: Wrong REQUEST_URI with malformed HTTP queries
Product: Apache httpd-1.3
Version: 1.3.24
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Other
Component: mod_cgi
AssignedTo: bugs@httpd.apache.org
ReportedBy: jhiver@mkdoc.com


REQUEST_URI is supposed to be "the portion of the URL following the scheme
and host portion" (http://httpd.apache.org/docs/mod/mod_setenvif.html). However,
it is possible to break this using incorrect HTTP queries.

I have reproduced the bug on Apache 1.3.23 and 1.3.24. This is how you do it:

    telnet your.host.com 80
    HEAD http://your.host.com/ HTTP/1.0

And your REQUEST_URI variable will contain http://your.host.com/. Even worse:
CGI.pm 2.79's url() method works fine because it doesn't use this variable, but
CGI.pm 2.80 upwards does, thus it produces bad URIs.

If you cache the pages that you dynamically generate, it basically means that a
broken client could break these pages for everyone.

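An added example, not part of the original report and not Apache or CGI.pm code: a CGI-side guard that reduces REQUEST_URI to its path and query whether the request line was origin-form or absolute-form, so a self-referencing URL or cache key is the same for both. The function names, the fixed `http` scheme and the single canonical host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

CANONICAL_HOST = "your.host.com"  # assumption: the one host name this site serves


def normalize_request_uri(raw, host=CANONICAL_HOST):
    """Return path[?query] from REQUEST_URI, or None if it must be rejected."""
    if raw.startswith("/"):
        return raw  # origin-form: already the part after scheme and host
    try:
        parts = urlsplit(raw)  # absolute-form, e.g. "http://your.host.com/"
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https"):
        return None
    if (parts.hostname or "").lower() != host:
        return None  # request line names a host this site does not serve
    path = parts.path or "/"
    return path + ("?" + parts.query if parts.query else "")


def naive_self_url(env):
    """Plain concatenation that trusts REQUEST_URI to be origin-form."""
    return "http://" + env["SERVER_NAME"] + env["REQUEST_URI"]


def safe_self_url(env, host=CANONICAL_HOST):
    """Self-referencing URL (also usable as a cache key) from the normalized path."""
    path = normalize_request_uri(env.get("REQUEST_URI", ""), host)
    return None if path is None else "http://" + host + path


# Constructed CGI environments for the two request lines discussed in the report.
ORIGIN_FORM = {"SERVER_NAME": "your.host.com", "REQUEST_URI": "/"}
ABSOLUTE_FORM = {"SERVER_NAME": "your.host.com",
                 "REQUEST_URI": "http://your.host.com/"}

if __name__ == "__main__":
    for env in (ORIGIN_FORM, ABSOLUTE_FORM):
        print(naive_self_url(env), "->", safe_self_url(env))
```

A `None` result means the request should be answered with an error rather than rendered or cached.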