Skip to content
Commit 1740c833 authored by Tony Finch's avatar Tony Finch
Browse files

Fix a security problem that affects certain configurations of mod_rewrite.

If the result of a RewriteRule is a filename that contains expansion
specifiers, especially regexp backreferences $0..$9 and %0..%9, then it
may be possible for an attacker to access any file on the web server.
The fix replaces a multi-pass string expander with a one-pass expander,
and includes the code quality improvements that were committed separately
to 1.3.

Message-Id: <E13OQB5-0004Xs-00@hand.dotat.at>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86302 13f79535-47bb-0310-9956-ffa450edef68
parent d4d1f3ab
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment