#38452: Apache on HFS Critical Security Issue ------------------------+-------------------------------- Reporter: vikingjs@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Keywords: | Port: apache2 ------------------------+-------------------------------- Apple has identified a critical security issue that allows attackers to see the source code of Web pages. It is outlined here: [http://packetstormsecurity.com/files/120820/Apple-Security- Advisory-2013-03-14-1.html]. In summary, Passuing a url like: `http://mydomain.com/index.p%E2%80%8Chp` will dump the php of the file raw, rather than executing it on the server. I have fixed the issue on my local machines by copying mod_hfs_apple.so from its preinstalled location (after updating MacOS), and adding an entry in https.conf to load that module. -- Ticket URL: <https://trac.macports.org/ticket/38452> MacPorts <http://www.macports.org/> Ports system for OS X