Bug#517377: apache 1.3 shows perl script source in iphone-browser

To: submit@bugs.debian.org
Subject: Bug#517377: apache 1.3 shows perl script source in iphone-browser
From: Tobias Vogel <tobias.vogel@imis.ch>
Date: Fri, 27 Feb 2009 12:12:57 +0100
Message-id: <[🔎] 49A7CAB9.4070502@imis.ch>
Reply-to: Tobias Vogel <tobias.vogel@imis.ch>, 517377@bugs.debian.org

Package: apache
Version: 1.3.34-4.1+etch1
Severity: grave

When a script called "index.cgi" is the directory-index in apache 1.3
and this script is accessed using the iphone browser, apache shows the
script source of the perl script, even if the perl script is correctly
being executed when accessed with any other browser.

This might expose passwords and might be a severe security issue.

I am using Debian GNU/Linux 4.0 Etch, kernel 2.6.18-6-vserver-686

Reply to:

Follow-Ups:
- Bug#517377: apache 1.3 shows perl script source in iphone-browser
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: systole wolsey klystron subllicenser
Next by Date: Bug#517377: apache 1.3 shows perl script source in iphone-browser
Previous by thread: systole wolsey klystron subllicenser
Next by thread: Bug#517377: apache 1.3 shows perl script source in iphone-browser
Index(es):
- Date
- Thread