Kristyna Streitova
1177533e53
*) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr'
always evaluates to true in 2.4.64 (cve.mitre.org)
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond
expr ..." tests evaluating as "true".
Users are recommended to upgrade to version 2.4.65, which fixes
the issue.
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=721
24 lines
918 B
Bash
24 lines
918 B
Bash
#!/bin/sh
|
|
|
|
# check_forensic <forensic log file>
|
|
# Author: Peter Poeml <apache@suse.de>
|
|
|
|
# check the forensic log for requests that did not complete
|
|
# output the request log for each one
|
|
|
|
# This script is based on Ben Laurie's check_forensic, but is adjusted for GNU
|
|
# tools (as used on Linux) and it works in a safe tmpdir directory.
|
|
# todo: rewrite in a form that allows running on more operating systems.
|
|
|
|
F=${1:?give filename as argument. cannot read from stdin.}
|
|
|
|
tmpprefix=${TMPDIR:-/tmp}/check_forensic.XXXXXX
|
|
tdir=$(mktemp -d $tmpprefix); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
|
|
|
|
cut -f 1 -d '|' $F > $tdir/fc-all.$$
|
|
grep ^+ < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-in.$$
|
|
grep -- ^- < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-out.$$
|
|
join -v 1 $tdir/fc-in.$$ $tdir/fc-out.$$ | xargs -ixx grep -E "^\\+xx" $F
|
|
rm $tdir/fc-all.$$ $tdir/fc-in.$$ $tdir/fc-out.$$
|
|
rmdir $tdir
|