Apache fixes off-by-one buffer overflow in mod_rewrite

July 28th, 2006

By Kurt Seifried (kurt@seifried.org)

The Apache Software Foundation has just corrected an off-by-one vulnerability in the mod_rewrite engine. Many web applications, such as WordPress, use mod_rewrite to create URLs that are more easily indexed by search engines, so although mod_rewrite is often disabled by default, it is typically enabled and used on many sites.

http://httpd.apache.org/

This is, of course, a classic example of a technological risk. A least-privilege approach, with as many things disabled or otherwise removed as possible, would result in a system that is not affected by this flaw. However, because users want easily indexed URLs, and the easiest way for a program such as WordPress to provide them is mod_rewrite, you end up with numerous sites using mod_rewrite when it is not strictly necessary.
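
A check that follows from the least-privilege point above, as an added example (not from the original post or the Apache project): a shell script that reports whether mod_rewrite is loaded in a configuration tree and whether anything actually uses it. It assumes mod_rewrite is built as a shared module loaded with `LoadModule` and relies on GNU grep; the function names and the sample directory layout are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit an Apache tree for mod_rewrite exposure.
# Assumption: mod_rewrite is a shared module (a statically compiled
# module would not appear in any LoadModule line).

# Print "loaded" if an uncommented LoadModule line loads rewrite_module.
rewrite_loaded() {
    if grep -rEqi --include='*.conf' \
        '^[[:space:]]*LoadModule[[:space:]]+rewrite_module[[:space:]]' "$1"; then
        echo loaded
    else
        echo not-loaded
    fi
}

# List config and .htaccess files containing active rewrite directives.
rewrite_users() {
    grep -rEliI --include='*.conf' --include='.htaccess' \
        '^[[:space:]]*Rewrite(Engine[[:space:]]+on|Rule|Cond)' "$1" | sort
}

# Classify a tree: not-loaded, loaded-unused (candidate for removal), in-use.
audit() {
    if [ "$(rewrite_loaded "$1")" = not-loaded ]; then
        echo not-loaded
    elif [ -z "$(rewrite_users "$1")" ]; then
        echo loaded-unused
    else
        echo in-use
    fi
}

# Build three constructed sample trees; prints the temporary root directory.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/used/conf" "$d/used/htdocs/blog" "$d/unused/conf" "$d/off/conf"
    printf 'LoadModule rewrite_module modules/mod_rewrite.so\n' > "$d/used/conf/httpd.conf"
    printf 'RewriteEngine On\nRewriteRule . /index.php [L]\n' > "$d/used/htdocs/blog/.htaccess"
    printf 'LoadModule rewrite_module modules/mod_rewrite.so\n' > "$d/unused/conf/httpd.conf"
    printf '#LoadModule rewrite_module modules/mod_rewrite.so\n' > "$d/off/conf/httpd.conf"
    echo "$d"
}

# Audit a real tree when a path is given on the command line.
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

A result of `loaded-unused` marks a server where the module can be unloaded without changing site behaviour; `in-use` lists, via `rewrite_users`, the sites that need the patched release.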
