[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : mod_rewrite and Host header vulnerability

Title: mod_rewrite and Host header vulnerability
Released by: Conectiva
Date: 11th October 2000
Printable version: Click here 
-----------------------------------------------------------------------

CONECTIVA LINUX SECURITY ANNOUNCEMENT

-----------------------------------------------------------------------



PACKAGE   : apache

SUMMARY   : mod_rewrite and Host header vulnerability

DATE      : 2000-10-11 16:19:00

RELEVANT

RELEASES  : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1



----------------------------------------------------------------------



DESCRIPTION

 There are two vulnerabilities in the Apache web server as shipped

 with Conectiva Linux.



 1) Under certain configurations, the mod_rewrite module could be used

 to access any file on the server, provided that filesystem access

 rights permitted that. Now the mod_rewrite module makes a one-pass

 expansion and is no longer vulnerable to this.



 2) The other vulnerability is regarding the handling of Host: headers

 in mass virtual hosting configurations. The check for dot (".")

 charactes in that header was not complete and could permit access to

 a parent directory.





SOLUTION

 It is recommended that users using mod_rewrite or with virtual

 hosting update their servers.

 Users of Conectiva Linux 4.1 and 4.2 will also find apache-1.3.12 on

 the FTP site. That package should be used for those who upgraded to

 1.3.12 because of the IMP/HORDE advisory a while ago.





DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES

http://atualizacoes.conectiva.com.br/4.0/SRPMS/apache-1.3.6-16cl.src.rpm

http://atualizacoes.conectiva.com.br/4.0/i386/apache-1.3.6-16cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.0/i386/apache-devel-1.3.6-16cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.0es/SRPMS/apache-1.3.6-16cl.src.rpm

http://atualizacoes.conectiva.com.br/4.0es/i386/apache-1.3.6-16cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.0es/i386/apache-devel-1.3.6-16cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.1/SRPMS/apache-1.3.9-17cl.src.rpm

http://atualizacoes.conectiva.com.br/4.1/i386/apache-1.3.9-17cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.1/i386/apache-devel-1.3.9-17cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.2/SRPMS/apache-1.3.9-17cl.src.rpm

http://atualizacoes.conectiva.com.br/4.2/i386/apache-1.3.9-17cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.2/i386/apache-devel-1.3.9-17cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.0/SRPMS/apache-1.3.12-14cl.src.rpm

http://atualizacoes.conectiva.com.br/5.0/i386/apache-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.0/i386/apache-doc-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.0/i386/apache-devel-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.1/SRPMS/apache-1.3.12-14cl.src.rpm

http://atualizacoes.conectiva.com.br/5.1/i386/apache-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.1/i386/apache-doc-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.1/i386/apache-devel-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/apache-1.3.12-14cl.src.rpm

http://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-doc-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-devel-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/apache-1.3.12-14cl.src.rpm

http://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-doc-1.3.12-14cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-devel-1.3.12-14cl.i386.rpm





----------------------------------------------------------------------



All packages are signed with Conectiva's GPG key. The key can be

obtained at http://www.conectiva.com.br/contato



----------------------------------------------------------------------

subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br

unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br






(C) 1999-2000 All rights reserved.