CVE-2026-28808: Erlang Inets Mod Alias Which Alias Missing Script Alias

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | generic
greprules fetch cve-2026-28808-erlang-inets-mod-alias-which-alias-missing-script-alias --engine opengrep

Description

Detected an inets `mod_alias`-style alias lookup that calls `httpd_util:multi_lookup(ConfigDB, alias)` without also concatenating `httpd_util:multi_lookup(ConfigDB, script_alias)`. This is the vulnerable shape of `which_alias/1` from CVE-2026-28808: `mod_auth` derives the filesystem path used for `<Directory>` access-control matching from this list, so omitting `s

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
