Re: CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: users@xxxxxxxxxxxxxxxx
- Subject: Re: CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
- From: Eric Covener <covener@xxxxxxxxx>
- Date: Sat, 11 Mar 2023 17:36:13 -0500
- In-reply-to: <CALK=YjNv9-K=nXN_8pOsWAcwCSTg0wfF=T=z7TnZssGBbm_OOA@mail.gmail.com>
- Reply-to: users@xxxxxxxxxxxxxxxx
On Fri, Mar 10, 2023 at 5:56 PM Eric Covener <covener@xxxxxxxxx> wrote:
>
> > > Try e.g. [R,B= ?,...]
> > >
> > > The question mark is to avoid the issue of not being able to have " "
> > > as the final character in this syntax.
> >
>
> Sorry, the above doesn't work. Someone reported in another thread: [R,B=\ ]
The real trick seems to be quoting the entirety of the flags, then
finding any 2nd character to escape.
RewriteRule ... "[B= ?]"
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
