Apache Httpd < None: Environment variable expansion flaw

ID HTTPD:FF6707403F89E77CD90F095B4014299E
Type httpd
Reporter We would like to thank the Swedish IT Incident Centre (SITIC) for reporting this issue.
Modified 2004-09-15T00:00:00


A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user.