Description of problem: When run on RHEL 5, Spacewalk might be vulnerable to CVE-2003-1138, using double-slashes in the url. How reproducible: Deterministic. Steps to Reproduce: 1. Go to https://spacewalk.example.com// Actual results: You get a directory listing Expected results: You should not get a directory listing Additional info: Since Spacewalk avoids RHEL's default configuration and its conf.d/welcome.conf, the LocationMatch is not in effect. This bug is related to bug #454965.
Fix committed: f751a818a5b7a9be61e9b012b9c5ff6184223789.
Looks good in spacewalk 0.2. Verified.
Spacewalk is released for long time.