• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness

LIMIT directives are commonly used in htaccess files to restrict HTTP methods that are available for a particular resource. However it has been reported that if the requested resource is served by an Apache module and not by Apache Server itself, LIMIT restrictions may not apply. Additionally, CGI/Script resources that do not sufficiently check the calling method may potentially be invoked with methods not listed in the LIMIT clause to evade LIMIT restrictions.