Re: POC & exploit for Apache mod_rewrite off-by-one

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: POC & exploit for Apache mod_rewrite off-by-one
From: arulvadivel1@xxxxxxxxxxxxxx
Date: 19 May 2009 12:30:27 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi Jacobo,

If my httpd.conf file has defined with the follow directives, could you please 
let me know whether it will be affected by this vulnerability or not?


RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

I think, it will not be affected as per the below information:
This flaw does not affect a default installation of Apache HTTP Server. Users 
who do not use, or have not enabled, the Rewrite module mod_rewrite are not 
affected by this issue. This issue only affects installations using a Rewrite 
rule with the following characteristics:

    * The RewriteRule allows the attacker to control the initial part of the 
rewritten URL (for example if the substitution URL starts with $1)
    * The RewriteRule flags do NOT include any of the following flags: 
Forbidden (F), Gone (G), or NoEscape (NE)


Regards,
Ramesh

Prev by Date: [ MDVSA-2009:117 ] ntp
Next by Date: Namad Cms Remote File Download
Previous by thread: POC & exploit for Apache mod_rewrite off-by-one
Next by thread: LBlog <= "comments.asp" SQL Injection Exploit
Index(es):
- Date
- Thread