Vulnerability Development mailing list archives

Re: Another flaw in Apache?

From: Jedi/Sector One <j () pureftpd org>
Date: Sun, 23 Jun 2002 16:05:16 +0200

On Sun, Jun 23, 2002 at 03:03:13PM +0100, Filipe Jorge Marques de Almeida wrote:

Don't forget this is not a serious vulnerability in many configurations (if the
user already has permission to run cgi scripts without suexec, SSI, etc).


  Indeed, the fact that any user can stop the whole web server, or launch
commands as the web server uid despite the use of suexec is not serious.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j () 42-Networks Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a>  \/

Current thread:

Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Michal Zalewski (Jun 22)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Alexander Yurchenko (Jun 22)
  - RE: Another flaw in Apache? Ryan Sweat (Jun 22)
  - Re: Another flaw in Apache? Michal Zalewski (Jun 22)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Re: Another flaw in Apache? Filipe Jorge Marques de Almeida (Jun 23)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Message not available
    - Re: Another flaw in Apache? Filipe Almeida (Jun 23)
    - Re: Another flaw in Apache? Alexander Yurchenko (Jun 23)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Re: Another flaw in Apache? Michal Zalewski (Jun 23)
    - Re: Another flaw in Apache? Michal Zalewski (Jun 23)
    - Re: Another flaw in Apache? sd (Jun 26)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Pavel Kankovsky (Jun 23)