Bugtraq mailing list archives
Re: Problem with FrontPage on Cobalt RaQ2/RaQ3
From: sitz () ONASTICK NET (Noah)
Date: Tue, 23 May 2000 13:54:44 -0400
On Tue, 23 May 2000, Chris Adams wrote:
You can bypass cgiwrap because the Apache config files have the line "AllowOverride All". All you have to do is create an .htaccess file with these lines in it: Options +ExecCGI AddHandler cgi-script .cgi
Ah, but you see, here's the kicker. Unless the FPE for Unix have changed drastically since last I frobbed with them, they *require* "AllowOverride All" in order to work correctly. Which is not to say there may not be another fix for this particular issue. You can use "order deny,allow" and "{deny,allow} from" directives to limit access from trusted IPs, for starters. Which doesn't eliminate the issue, but certainly contains it somewhat. This makes the assumption that such a fix will function correctly in your environment, of course. --noah "information warfare is a growth industry" - David Loundy
Current thread:
- Problem with FrontPage on Cobalt RaQ2/RaQ3 Chris Adams (May 23)
- Alert: Buffer overflow in Rockliffe's MailSite Cerberus Security Team (May 17)
- Alert: Carello File Creation flaw Cerberus Security Team (May 17)
- Re: Problem with FrontPage on Cobalt RaQ2/RaQ3 Noah (May 23)
- Re: Problem with FrontPage on Cobalt RaQ2/RaQ3 Chris Adams (May 23)