[Kolab-devel] mod_rewrite (CVE-2006-3747), not vulnerable?

Thomas Arendsen Hein thomas at intevation.de
Mon Jul 31 18:00:39 CEST 2006


* Bernhard Herzog <bh at intevation.de> [20060731 17:01]:
> On Monday 31 July 2006 16:02, Bernhard Reiter wrote:
> > According to
> > http://www.kb.cert.org/vuls/id/395412
> 
> OpenPKG has a security advisory about this, too:
> http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html

Hrm ... http://www.apache.org/dist/httpd/Announcement2.2.html says:

| This issue only affects installations using a Rewrite rule with the
| following characteristics:
|  - The RewriteRule allows the attacker to control the initial part
|    of the rewritten URL (for example if the substitution URL starts
|    with $1)
|  - The RewriteRule flags do NOT include any of the following flags:
|    Forbidden (F), Gone (G), or NoEscape (NE).

OpenPKG reads this as RewriteRule with "A or B", while everyone else
(or at least Bernhard Reiter, Heise Security and me) reads this as
RewriteRule with "A and B".

What's the right way to interpret the list of characteristics?

Thomas

-- 
Email: thomas at intevation.de
http://intevation.de/~thomas/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/devel/attachments/20060731/5f198c06/attachment.sig>


More information about the devel mailing list