http://www.apache.org/ Description: According to a vendor announcement [0], a vulnerability exists in the mod_rewrite module of the Apache HTTP Server [1]. Depending on the manner in which the Apache HTTP Server was compiled, the software defect may result in a vulnerability which, in combination with certain types of "RewriteRule" directives in the server configuration files, could be triggered remotely. The nature of the vulnerability can be Denial of Service (DoS) or potentially allow arbitrary code execution. This issue only affects installations using a "RewriteRule" with the following characteristics: it allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with "$1") or the RewriteRule flags do NOT include any of the flags Forbidden (F), Gone (G), or NoEscape (NE).
For those of you in Rio Linda, RewriteRule whatever/(.*)$ $1 [L] will expose it, and RewriteRule whatever/(.*)$ file.php?whatever=$1 [L] won't. http://www.kb.cert.org/vuls/id/395412
Can someone please explain the full effect of this problem. The security notice says the vulnerability "could allow a remote attacker to execute arbitrary code on an affected web server." Does that mean *any* code? Is it possible that hackers can use it give them access to the server's files? It's relatively easy to patch our own servers (when the patch is available), I'm more worried about the servers that are out of our control yet affect us as users, eg. if you're ordering something online, and the server is not patched, could hackers use the vulnerability to gain access to our personal details... Now if we'd all listened to Microsoft, and used their excellent no-vulnerability Windows servers, we wouldn't be having this problem
a1 mainly everything looks vulnerable that uses the $1 pass off post your rules and me or nino can probably tell you if you should worry
Hey Shoemoney Can you tell me if you see a flaw in this rule? RewriteRule (.*)\.jpg$ /x/1/sig.php?user=$1 Thanks (Really enjoy reading your blog, keep up the good work )
from this exploit you should be ok with that... however you should add [L] at the end and also limit what charectors you take in.. .* is a total wildcard
Hi, i'm this htaccess but it's not OK (sorry for my english) Options +FollowSymlinks RewriteEngine on RewriteRule test/news-([a-z0-9\_]+)-([0-9]+)\.php$ test/news.php?id=$2 [L] Please help me !
Hi, Transform this URL: http://www.test.com/test/news-zune_software_disponible_pour_windows_vista-7598.php To this: http://www.test.com/test/news.php?id=7598
Options +Indexes Options +FollowSymlinks RewriteEngine on RewriteBase / RewriteRule ^test/news\-([^.]+)\-([^.]+)\.html$ news.php?id=$2 [L] And you have to edit the script to link to the new URLs, and note the new URL ends in .html. That's much better than .php!!