apache2/apache2-CVE-2024-38475-1.patch

24 lines
1.1 KiB
Diff

Index: httpd-2.4.58/docs/manual/mod/mod_rewrite.html.en
===================================================================
--- httpd-2.4.58.orig/docs/manual/mod/mod_rewrite.html.en
+++ httpd-2.4.58/docs/manual/mod/mod_rewrite.html.en
@@ -1451,6 +1451,18 @@ cannot use <code>$N</code> in the substi
<td>Force the <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a> of the target file
to be the specified type. <em><a href="../rewrite/flags.html#flag_t">details ...</a></em></td>
</tr>
+ <tr>
+ <td>UnsafeAllow3F</td>
+ <td>Allows substitutions from URL's that may be unsafe.
+ <em><a href="../rewrite/flags.html#flag_unsafe_allow_3f">details ...</a></em>
+ </td>
+ </tr>
+ <tr>
+ <td>UnsafePrefixStat</td>
+ <td>Allows potentially unsafe substitutions from a leading variable or backreference to a filesystem path.</td>
+ <em><a href="../rewrite/flags.html#flag_unsafe_prefix_stat">details ...</a></em>
+ </td>
+ </tr>
</table>
<div class="note"><h3>Home directory expansion</h3>