[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Bug 191095] multiple vulnerabilities in thttpds htpasswd utility



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: multiple vulnerabilities in thttpds htpasswd utility


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191095





------- Additional Comments From tibbs math uh edu  2006-05-26 11:22 EST -------
I did some comparisons but the htpasswd.c in thttpd is so old that it doesn't
resemble any of the code in the Apache versions I have around.

There's one comment in the thttpd htpasswd.c that concerns me:

/* Modified 29aug97 by Jef Poskanzer to accept new password on stdin,
** if stdin is a pipe or file.  This is necessary for use from CGI.

I don't know that the Apache htpasswd.c supports this; if not, it would have to
be hacked back in.

I'll attach the current Apache htpasswd.c.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]