File apache2-CVE-2024-38475-2.patch of Package apache2.34764
Index: httpd-2.4.58/docs/manual/rewrite/flags.html.en =================================================================== --- httpd-2.4.58.orig/docs/manual/rewrite/flags.html.en +++ httpd-2.4.58/docs/manual/rewrite/flags.html.en @@ -820,8 +820,25 @@ otherwise the MIME-type set with this fl re-processing (including subsequent rounds of mod_rewrite processing). The <code>L</code> flag can be useful in this context to end the <em>current</em> round of mod_rewrite processing.</p> +</div> -</div></div> +<div class="section"> + <h2><a name="flag_unsafe_allow_3f" id="flag_unsafe_allow_3f">UnsafeAllow3F</a></h2> + <p> Setting this flag is required to allow a rewrite to continue If the + HTTP request being written has an encoded question mark, '%3f', and the + rewritten result has a '?' in the substiution. This protects from a malicious + URL taking advantage of a capture and re-substitution of the encoded + question mark.</p> +</div> +<div class="section" id="flag_unsafe_prefix_status"> + <h2><a name="flag_unsafe_prefix_status" id="flag_unsafe_prefix_status">UnsafePrefixStat</a></h2> + <p> Setting this flag is required in server-scoped substitutions + start with a variable or backreference and resolve to a filesystem path. + These substitutions are not prefixed with the document root. + This protects from a malicious URL causing the expanded substitution to + map to an unexpected filesystem location.</p> + </div> +</div> <div class="bottomlang"> <p><span>Available Languages: </span><a href="../en/rewrite/flags.html" title="English"> en </a> | <a href="../fr/rewrite/flags.html" hreflang="fr" rel="alternate" title="Français"> fr </a></p>
