Bug#517377: apache 1.3 shows perl script source in iphone-browser
Package: apache
Version: 1.3.34-4.1+etch1
Severity: grave
When a script called "index.cgi" is the directory-index in apache 1.3
and this script is accessed using the iphone browser, apache shows the
script source of the perl script, even if the perl script is correctly
being executed when accessed with any other browser.
This might expose passwords and might be a severe security issue.
I am using Debian GNU/Linux 4.0 Etch, kernel 2.6.18-6-vserver-686
Reply to: