search for: no2slash

Displaying 1 result from an estimated 1 matches for "no2slash".

Did you mean: dotslash
1998 Jan 07
0
FYI: Apache security advisory
...ever such a document would be very rare in practice. If you do not allow users to use mod_include, then they can not exploit these holes. III. Inefficient removal of duplicate ''/''s ("beck" exploit) RISK: medium The code in the no2slash() function used to collapse multiple ''/''s in a request for access checking purposes is very inefficient. It is O(n^2) in the number of ''/''s in the input. What this means is that as the input size grows, it very quickly requires v...