NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

bin/40355: httpd doesn't ignore arguments to plain files

>Number:         40355
>Category:       bin
>Synopsis:       httpd doesn't ignore arguments to plain files
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 10 00:50:00 +0000 2009
>Originator:     John Nemeth
>Release:        -current
Cornerstone Service
any -current system after httpd was imported
        Some web based applications will request a plain file with
an add argument to do cache busting, i.e.:

http://website/directory/file?foo=<random number>

httpd will look for a file called "file?foo=<random number>" and
return a 404 error instead of simply ignoring the argument.
        Try to fetch a plain file from a machine running httpd and
append an argument (see above for example).
        Drop arguments from requests for anything outside of cgi-bin.

Home | Main Index | Thread Index | Old Index