From 10b489901700a5210f1cba1bd700d72a345e7434 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Tue, 11 Jul 2017 17:25:39 +0200
Subject: [PATCH] Fix #4699: Static AuthName for WebDav in Aapache (Fixes DoS
 vulnerability)

---
 server/plugins-available/apache2_plugin.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 3478e0f341..3c29a3c52e 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -2785,7 +2785,7 @@ class apache2_plugin {
 							$output .= "        DAV On\n";
 							$output .= '        BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On'."\n";
 							$output .= "        AuthType Digest\n";
-							$output .= "        AuthName \"" . $fn . "\"\n";
+							$output .= "        AuthName \"Restricted Area\"\n";
 							$output .= "        AuthUserFile " . $webdavRoot . '/' . $file . "\n";
 							$output .= "        Require valid-user \n";
 							$output .= "        Options +Indexes \n";
-- 
GitLab