[原文]** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
Apache HTTP Server ErrorDocument Directive .htaccess Bypass
Local Access Required
Authentication Management
Loss of Integrity
Workaround
Exploit Public
Vendor Disputed
-
漏洞描述
HTTP Server 2.0.47 contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an attacker exploits the ErrorDocument directive, in order to bypass .htaccess file restrictions, as specified in httpd.conf where directives such as Deny From All occurs, allowing a local attacker to gain the same kind of privileges they otherwise would have had on the server. Apache disputes this vulnerability on the grounds that .htaccess is intended to control remote access to the server, and that the local user exploiting the vulnerability already has the privileges sought to be obtained through this exploit.
-
时间线
2004-01-31
Unknow
Unknow
Unknow
-
解决方案
Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround recommended by the person who discovered the vulnerability: Do not skip auth checker even if the per_dir_config member value doesn't change in the ap_process_request_internal() function.
Apache disputes that this is a vulnerability at all, and will not be issuing a solution. Fedora has responded by stating that this is not a security issue and will not issue a solution.
三人行,必有我师焉。择其善者而从之,其不善者而改之。