From: bugzilla-noreply@freebsd.org
To: apache@FreeBSD.org
Subject: [Bug 280077] www/apache24 2.4.60 mod_dir does not appear to work
Date: Tue, 02 Jul 2024 06:05:36 +0000
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: nihilesthic@proton.me
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: apache@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback?
X-Bugzilla-Changed-Fields: cc
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
List-Id: Support of apache-related ports
List-Archive: https://lists.freebsd.org/archives/freebsd-apache

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280077

nihilesthic@proton.me changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nihilesthic@proton.me

--- Comment #1 from nihilesthic@proton.me ---
From the changelog ( https://downloads.apache.org/httpd/CHANGES_2.4.60 ):

    SECURITY: CVE-2024-38476: Apache HTTP Server may use
    exploitable/malicious backend application output to run local
    handlers via internal redirect (cve.mitre.org)
    Vulnerability in core of Apache HTTP Server 2.4.59 and earlier
    are vulnerably to information disclosure, SSRF or local script
    execution via backend applications whose response headers are
    malicious or exploitable.
    Note: Some legacy uses of the 'AddType' directive to connect a
    request to a handler must be ported to 'SetHandler' after this fix.

This is a possible reason.

-- 
You are receiving this mail because:
You are the assignee for the bug.
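
The following is an added example, not part of the bug report or of the FreeBSD port: a small check for the legacy `AddType`-as-handler mappings that the changelog note says must be ported to `SetHandler`. It assumes, as a heuristic, that the affected lines are the ones using an `application/x-httpd-*` media type; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Heuristic (assumption): AddType lines whose media type starts with
# "application/x-httpd-" are handler-style mappings; real content types
# such as text/html are left alone.

find_legacy_addtype() {
    # $1: path to an Apache configuration file.
    # Prints "<line>: <directive>" per match; exit status 0 if any matched.
    awk '
        /^[ \t]*#/ { next }    # ignore commented-out directives
        tolower($1) == "addtype" && tolower($2) ~ /^"?application\/x-httpd-/ {
            sub(/^[ \t]+/, "")
            printf "%d: %s\n", NR, $0
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

suggest_sethandler() {
    # $1: one AddType directive, e.g. "AddType application/x-httpd-php .php"
    # Prints a FilesMatch/SetHandler block covering the same extensions.
    printf '%s\n' "$1" | awk '{
        type = $2; gsub(/"/, "", type)
        exts = ""
        for (i = 3; i <= NF; i++) {
            e = $i; sub(/^\./, "", e)
            exts = exts (exts == "" ? "" : "|") e
        }
        printf "<FilesMatch \"\\.(%s)$\">\n    SetHandler %s\n</FilesMatch>\n", exts, type
    }'
}

# Constructed sample configuration (not taken from the bug report).
sample_conf() {
    cat <<'EOF'
DirectoryIndex index.php index.html
# AddType application/x-httpd-php .old
AddType text/html .shtml
AddType application/x-httpd-php .php .phtml
  addtype application/x-httpd-php-source .phps
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
find_legacy_addtype "$tmp" | while IFS= read -r hit; do
    echo "legacy mapping at line $hit"
    suggest_sethandler "${hit#*: }"
done
rm -f "$tmp"
```

The generated `FilesMatch` pattern is anchored at the end of the file name, so it matches only names that end in the extension; review each suggestion before replacing the original directive.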