[wp-trac] [WordPress Trac] #60333: Host Header Injection Vulnerability in /wp-content Folder
WordPress Trac
noreply at wordpress.org
Wed Jan 24 21:33:11 UTC 2024
#60333: Host Header Injection Vulnerability in /wp-content Folder
--------------------------+----------------------
Reporter: manishn | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 6.4
Severity: normal | Resolution: invalid
Keywords: | Focuses:
--------------------------+----------------------
Changes (by peterwilsoncc):
* status: new => closed
* resolution: => invalid
* severity: critical => normal
* milestone: Awaiting Review =>
Comment:
@manishn Hello and welcome to trac.
The redirect you are seeing is generated by Apache rather than WordPress.
Apache [https://httpd.apache.org/docs/trunk/mod/mod_dir.html generates a
301 redirect] when a directory is requested without a trailing slash.
The Apache configuration will determine the domain to redirect to and
WordPress has no control over this. WordPress is unable to make
assumptions about requests to directories as it would break sites that
include both WordPress and static files.
I've closed this ticket as invalid, in this case that's because there is
nothing WordPress can do to manage server configurations. I suggest you
contact your hosting company if you are seeing unexpected redirects.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60333#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list