Package: apache Version: 1.3.34-4.1+etch1 Severity: grave
When a script called "index.cgi" is the directory-index in apache 1.3 and this script is accessed using the iphone browser, apache shows the script source of the perl script, even if the perl script is correctly being executed when accessed with any other browser. This might expose passwords and might be a severe security issue. I am using Debian GNU/Linux 4.0 Etch, kernel 2.6.18-6-vserver-686 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
