Bugtraq mailing list archives
Re: Apache Vulnerability through a Proxy?
From: Jason Yates <jaywhy2 () comcast net>
Date: Fri, 21 Jun 2002 21:40:22 -0400
On Fri, 2002-06-21 at 04:56, Ulf Bahrenfuss wrote:
Hi! Does anyone know, if the chunk handling vulnerability carries through a proxy i.e. Squid or Webcache? (Updating is currently not possible, because it is not the plain apache, but the Oracle IAS flavour...) Or has anyone further information how this vulnerabilty really works? Any pointers are appreciated. Regards Ulf
I've been very confused about this vulnerabity. I've heard so many conflicting reports of whats actually vulnerable and whats not. I think the best approach is to be more safe then sorry. Upgrade your systems to either the 1.3.26 or 2.0.39 versions of Apache, no matter what OS, or architecture your running. For IAS check out, http://otn.oracle.com/deploy/security/pdf/apache_alert.pdf http://otn.oracle.com/deploy/security/alerts.htm Patchs here, http://metalink.oracle.com/ -Jason Yates
Current thread:
- Apache Vulnerability through a Proxy? Ulf Bahrenfuss (Jun 21)
- Re: Apache Vulnerability through a Proxy? Ben Laurie (Jun 22)
- Re: Apache Vulnerability through a Proxy? Jason Yates (Jun 25)