Apache Rewrite Module Arbitrary File Disclosure Vulnerability

mod_rewrite is a module shipped with Apache 1.2 and later. It is used to map special URLS to absolute files on the web server's filesystem.

If a RewriteRule directive is expressed whose result maps to a filename containing regular expression references, the result may provide an attacker with the ability to view arbitrary files on the host.

example RewriteRule directives: (the first two are vulnerable)

RewriteRule /test/(.*) /usr/local/data/test-stuff/$1
RewriteRule /more-icons/(.*) /icons/$1
RewriteRule /go/(.*) http://www.apacheweek.com/$1

(excerpted from Apache development list 09-22 and amended by Tony Finch <dot@dotat.at>)


Privacy Statement
Copyright 2010, SecurityFocus