bin/40355: httpd doesn't ignore arguments to plain files

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/40355: httpd doesn't ignore arguments to plain files
From: jnemeth%cornerstoneservice.ca@localhost
Date: Sat, 10 Jan 2009 00:50:00 +0000 (UTC)

>Number:         40355
>Category:       bin
>Synopsis:       httpd doesn't ignore arguments to plain files
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 10 00:50:00 +0000 2009
>Originator:     John Nemeth
>Release:        -current
>Organization:
Cornerstone Service
>Environment:
any -current system after httpd was imported
>Description:
        Some web based applications will request a plain file with
an add argument to do cache busting, i.e.:

http://website/directory/file?foo=<random number>

httpd will look for a file called "file?foo=<random number>" and
return a 404 error instead of simply ignoring the argument.
>How-To-Repeat:
        Try to fetch a plain file from a machine running httpd and
append an argument (see above for example).
>Fix:
        Drop arguments from requests for anything outside of cgi-bin.

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: port-xen/40356: [PATCH] PCI_ADDR_FIXUP has no effect under xen environment
Previous by Thread: lib/40346: libexpat should be in base.tgz
Next by Thread: port-xen/40356: [PATCH] PCI_ADDR_FIXUP has no effect under xen environment
Indexes:

Home | Main Index | Thread Index | Old Index