Displaying 1 result from an estimated 1 matches for "no2slash".
Did you mean:
dotslash
1998 Jan 07
0
FYI: Apache security advisory
...ever such a document would be very
rare in practice.
If you do not allow users to use mod_include, then they
can not exploit these holes.
III. Inefficient removal of duplicate ''/''s ("beck" exploit)
RISK: medium
The code in the no2slash() function used to collapse multiple
''/''s in a request for access checking purposes is very
inefficient. It is O(n^2) in the number of ''/''s in the
input. What this means is that as the input size grows,
it very quickly requires v...