[Bug 191095] multiple vulnerabilities in thttpds htpasswd utility

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: multiple vulnerabilities in thttpds htpasswd utility


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191095





------- Additional Comments From tibbs@xxxxxxxxxxx  2006-05-26 11:22 EST -------
I did some comparisons but the htpasswd.c in thttpd is so old that it doesn't
resemble any of the code in the Apache versions I have around.

There's one comment in the thttpd htpasswd.c that concerns me:

/* Modified 29aug97 by Jef Poskanzer to accept new password on stdin,
** if stdin is a pipe or file.  This is necessary for use from CGI.

I don't know that the Apache htpasswd.c supports this; if not, it would have to
be hacked back in.

I'll attach the current Apache htpasswd.c.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux