by abjorn 3200 days ago
This doesn't quite look like the same bug described in the article. Maybe the inconsistency with the comma separator is a separate bug?

After many repeated tests with multiple LIMIT sections in .htaccess (and without restarting apache2) I've managed to get a leak of part of config file:

  Allow: �E2�~,HEAD,,ex.html/,OPTIONS,POST,,HEAD,,HEAD,Pek�~,HEAD,,,ex.html/,GET,HEAD

Most certainly something is leaking:

  l-lbiegaj ~ -> curl -sI -X OPTIONS http://mysite/ | grep ^Allow
  Allow: allow,HEAD,GET,HEAD,POST,OPTIONS

Value returned in 'Allow' changes with every apache2 restart, but I haven't yet seen any parts of the config or something other than extraneous commas or 'allow' string.

Interesting. Maybe see if it still leaks with the patch jimjag points out below?

http://svn.apache.org/viewvc?view=revision&revision=1807754
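
An added example, not part of any comment in this thread: a small Python check that audits an `Allow` header for the symptoms reported above (empty entries from doubled commas, entries that are not valid method tokens, unexpected names such as `allow`, repeated methods). The function names and the `KNOWN_METHODS` allowlist are assumptions; the first two sample values are the headers quoted in the thread, with `\ufffd` standing for the unprintable bytes as the page renders them.

```python
import re

# RFC 7230 "token": the only characters legal in an HTTP method name.
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Assumption: methods this site is expected to advertise; extend for WebDAV etc.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                 "OPTIONS", "TRACE", "PATCH", "CONNECT"}

# Header values quoted in the thread, plus one constructed healthy value.
SAMPLE_LEAK = ("\ufffdE2\ufffd~,HEAD,,ex.html/,OPTIONS,POST,,HEAD,,HEAD,"
               "Pek\ufffd~,HEAD,,,ex.html/,GET,HEAD")
SAMPLE_ODD = "allow,HEAD,GET,HEAD,POST,OPTIONS"
SAMPLE_CLEAN = "GET,HEAD,POST,OPTIONS"  # constructed


def audit_allow(value):
    """Return the anomalies found in one Allow header value."""
    findings = {"empty": 0, "non_token": [], "unknown": [], "duplicate": []}
    seen = set()
    for item in (part.strip() for part in value.split(",")):
        if item == "":
            findings["empty"] += 1              # ",," in the header
        elif not TOKEN_RE.fullmatch(item):
            findings["non_token"].append(item)  # bytes that cannot be a method
        elif item not in KNOWN_METHODS:
            findings["unknown"].append(item)    # valid token, unexpected name
        elif item in seen:
            if item not in findings["duplicate"]:
                findings["duplicate"].append(item)
        else:
            seen.add(item)
    return findings


def verdict(value):
    """'corrupt' for malformed or unexpected entries, 'odd' for repeats only."""
    f = audit_allow(value)
    if f["empty"] or f["non_token"] or f["unknown"]:
        return "corrupt"
    return "odd" if f["duplicate"] else "clean"


if __name__ == "__main__":
    for sample in (SAMPLE_LEAK, SAMPLE_ODD, SAMPLE_CLEAN):
        print(verdict(sample), audit_allow(sample))
```

Because the thread reports the value changing between restarts, a single clean response does not show the server is unaffected; run the check over repeated responses collected from your own hosts.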