544582 – www-servers/apache ships 00_mod_mime.conf, advertising insecure AddHandler directive without mentioning security

Bug 544582 - www-servers/apache ships 00_mod_mime.conf, advertising insecure AddHandler directive without mentioning security

Summary: www-servers/apache ships 00_mod_mime.conf, advertising insecure AddHandler di...

Status:	CONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Apache Team - Bugzilla Reports

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	544560
	Show dependency tree

Reported:	2015-03-26 18:20 UTC by Sebastian Pipping
Modified:	2021-04-28 19:22 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Pipping gentoo-dev

2015-03-26 18:20:24 UTC

# fgrep -R AddHandler /etc/
/etc/apache2/modules.d/00_error_documents.conf: AddHandler type-map var
/etc/apache2/modules.d/00_mod_mime.conf:# AddHandler allows you to map certain file extensions to "handlers":
/etc/apache2/modules.d/00_mod_mime.conf:#AddHandler cgi-script .cgi
/etc/apache2/modules.d/00_mod_mime.conf:#AddHandler type-map var

Please see bug #538822 for why that is a problem and for a prosed fix.

Thanks!

Comment 1 Sebastian Pipping gentoo-dev

2015-03-26 18:21:24 UTC

-prosed +proposed