[MacPorts] #38452: Apache on HFS Critical Security Issue
MacPorts
noreply at macports.org
Wed Mar 20 11:05:36 PDT 2013
#38452: Apache on HFS Critical Security Issue
------------------------+--------------------------------
Reporter: vikingjs@… | Owner: macports-tickets@…
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.1.3
Keywords: | Port: apache2
------------------------+--------------------------------
Apple has identified a critical security issue that allows attackers to
see the source code of Web pages. It is outlined here:
[http://packetstormsecurity.com/files/120820/Apple-Security-
Advisory-2013-03-14-1.html]. In summary, Passuing a url like:
`http://mydomain.com/index.p%E2%80%8Chp` will dump the php of the file
raw, rather than executing it on the server.
I have fixed the issue on my local machines by copying mod_hfs_apple.so
from its preinstalled location (after updating MacOS), and adding an entry
in https.conf to load that module.
--
Ticket URL: <https://trac.macports.org/ticket/38452>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list