Re: POC & exploit for Apache mod_rewrite off-by-one

Hi Jacobo,

If my httpd.conf file is defined with the following directives, could you please let me know whether it will be affected by this vulnerability or not?


RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

I think it will not be affected, as per the information below:
This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics:

    * The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1)
    * The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE)


Regards,
Ramesh
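
As an added example (not part of the original message or of the Apache advisory), the two characteristics quoted above can be checked against a configuration with a short script. It is a heuristic: it only recognises the advisory's own example of an attacker-controlled prefix, a substitution that starts with $N, and it assumes one directive per line. SAMPLE_CONF begins with the three directives from the message; the remaining rules are constructed for illustration.

```python
import re

# Flags the quoted advisory names as taking a rule out of scope (short and long spellings).
EXEMPT_FLAGS = {"f", "forbidden", "g", "gone", "ne", "noescape"}
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|\S+')  # Apache arguments: quoted or bare

def parse_rules(conf_text):
    """Yield (line_no, substitution, flags) for every RewriteRule directive."""
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = [t[1:-1] if len(t) > 1 and t[0] == t[-1] == '"' else t
                  for t in TOKEN.findall(raw.strip())]
        if len(tokens) < 3 or tokens[0].lower() != "rewriterule":
            continue  # comments, RewriteCond, RewriteEngine, malformed lines
        flags = set()
        if len(tokens) > 3 and tokens[3].startswith("[") and tokens[3].endswith("]"):
            for flag in tokens[3][1:-1].split(","):
                flags.add(flag.split("=", 1)[0].strip().lower())  # R=301 -> r
        yield line_no, tokens[2], flags

def audit(conf_text):
    """Return the rules that match both characteristics listed in the advisory."""
    findings = []
    for line_no, subst, flags in parse_rules(conf_text):
        # Heuristic for "attacker controls the initial part of the rewritten URL":
        # only the advisory's example (substitution starts with $N) is detected.
        starts_with_backref = re.match(r"\$\d", subst) is not None
        if starts_with_backref and not (flags & EXEMPT_FLAGS):
            findings.append((line_no, subst, sorted(flags)))
    return findings

# Lines 1-3 are the directives from the message; lines 4-6 are constructed.
SAMPLE_CONF = """\
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
RewriteRule ^/go/(.*) $1 [R,L]
RewriteRule ^/x/(.*) $1 [NE,L]
RewriteRule ^/docs/(.*) /manual/$1
"""

if __name__ == "__main__":
    for line_no, subst, flags in audit(SAMPLE_CONF):
        print(f"line {line_no}: substitution {subst!r}, flags {flags}: review")
```

A rule the script does not report can still let a client influence the start of the rewritten URL by other means, so an empty result narrows the review rather than replacing it.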
