mod_rewrite exploit *patch your servers now*
Shoemoney
Jul 28th 2006, 10:40 am
http://www.apache.org/
Description:
According to a vendor announcement [0], a vulnerability exists in the
mod_rewrite module of the Apache HTTP Server [1]. Depending on the
manner in which the Apache HTTP Server was compiled, the software
defect may result in a vulnerability which, in combination with
certain types of "RewriteRule" directives in the server configuration
files, could be triggered remotely. The nature of the vulnerability
can be Denial of Service (DoS) or potentially allow arbitrary code
execution. This issue only affects installations using a "RewriteRule"
with the following characteristics: it allows the attacker to control
the initial part of the rewritten URL (for example if the substitution
URL starts with "$1") or the RewriteRule flags do NOT include any of
the flags Forbidden (F), Gone (G), or NoEscape (NE).
Nintendo
Jul 28th 2006, 1:38 pm
For those of you in Rio Linda,
RewriteRule whatever/(.*)$ $1 [L]
will expose it, and
RewriteRule whatever/(.*)$ file.php?whatever=$1 [L]
won't.
http://www.kb.cert.org/vuls/id/395412
A1SiteNames.com
Jul 29th 2006, 3:59 am
Can someone please explain the full effect of this problem? The security notice says the vulnerability "could allow a remote attacker to execute arbitrary code on an affected web server." Does that mean *any* code? Is it possible that hackers can use it to give them access to the server's files?
It's relatively easy to patch our own servers (when the patch is available); I'm more worried about the servers that are out of our control yet affect us as users, e.g. if you're ordering something online, and the server is not patched, could hackers use the vulnerability to gain access to our personal details...
Now if we'd all listened to Microsoft, and used their excellent no-vulnerability Windows servers, we wouldn't be having this problem ;)
Shoemoney
Jul 29th 2006, 1:36 pm
A1, mainly everything looks vulnerable that uses the $1 pass off.
Post your rules and me or nino can probably tell you if you should worry.
Travis
Jul 29th 2006, 8:09 pm
A1, mainly everything looks vulnerable that uses the $1 pass off.
Post your rules and me or nino can probably tell you if you should worry.
Hey Shoemoney :)
Can you tell me if you see a flaw in this rule?
RewriteRule (.*)\.jpg$ /x/1/sig.php?user=$1
Thanks
(Really enjoy reading your blog, keep up the good work :))
Shoemoney
Jul 30th 2006, 12:30 am
Hey Shoemoney :)
Can you tell me if you see a flaw in this rule?
RewriteRule (.*)\.jpg$ /x/1/sig.php?user=$1
Thanks
(Really enjoy reading your blog, keep up the good work :))
From this exploit you should be OK with that... however you should add [L] at the end and also limit what characters you take in.
.* is a total wildcard
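Added example, not part of any post in this thread and not Apache project code: a small audit script that lists the RewriteRule directives in a config or .htaccess file that fit the profile in the advisory text above. It assumes a rule is worth reviewing when its substitution begins with a backreference and none of the F, G or NE flags is set, which is the reading that agrees with Nintendo's two example rules; a hit means "check this server and patch it", not proof that the build is exploitable.

```python
import re
import shlex

# Flags named in the advisory text: Forbidden (F), Gone (G), NoEscape (NE).
EXEMPT_FLAGS = {"F", "FORBIDDEN", "G", "GONE", "NE", "NOESCAPE"}
# Substitution whose first characters are a backreference: $N from the rule's
# pattern, or %N from a RewriteCond (the %N case goes beyond the page's "$1").
LEADING_BACKREF = re.compile(r"[$%]\d")

def parse_flags(token):
    """'[L,R=301]' -> {'L', 'R'}; flag names are compared case-insensitively."""
    inner = token.strip()[1:-1]
    return {f.split("=", 1)[0].strip().upper() for f in inner.split(",") if f.strip()}

def audit(config_text):
    """Return [(line_number, directive)] for rules matching the advisory profile."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            args = shlex.split(line)   # honours quoted arguments
        except ValueError:
            args = line.split()        # unbalanced quote inside a regex
        if len(args) < 3 or args[0].lower() != "rewriterule":
            continue
        substitution = args[2]
        flags = parse_flags(args[3]) if len(args) > 3 and args[3].startswith("[") else set()
        if LEADING_BACKREF.match(substitution) and not flags & EXEMPT_FLAGS:
            findings.append((number, line))
    return findings

# Constructed sample: the three rules quoted in this thread plus two
# made-up variants, one carrying an exempting flag and one with no flags.
SAMPLE = r"""
RewriteEngine on
RewriteRule whatever/(.*)$ $1 [L]
RewriteRule whatever/(.*)$ file.php?whatever=$1 [L]
RewriteRule (.*)\.jpg$ /x/1/sig.php?user=$1
RewriteRule ^go/(.*)$ $1 [L,NE]
RewriteRule ^out/(.*)$ $1
"""

if __name__ == "__main__":
    for number, directive in audit(SAMPLE):
        print(f"line {number}: review and patch -> {directive}")
```

The script reads one directive per line and does not follow backslash line continuations or Include directives, so run it over each config file and .htaccess separately.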
kouala
Dec 20th 2006, 1:13 am
Hi, I have this htaccess but it's not OK (sorry for my English :))
Options +FollowSymlinks
RewriteEngine on
RewriteRule test/news-([a-z0-9\_]+)-([0-9]+)\.php$ test/news.php?id=$2 [L]
Please help me !
Nintendo
Dec 20th 2006, 10:00 pm
Post an example of the original URL and how you want it.
kouala
Dec 20th 2006, 11:43 pm
Hi,
Transform this URL:
http://www.test.com/test/news-zune_software_disponible_pour_windows_vista-7598.php
To this:
http://www.test.com/test/news.php?id=7598
Nintendo
Dec 21st 2006, 9:36 pm
Options +Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^test/news\-([^.]+)\-([^.]+)\.html$ news.php?id=$2 [L]
And you have to edit the script to link to the new URLs, and note the new URL ends in .html. That's much better than .php!!