Bugtraq mailing list archives

Fw: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server


From: "Mark Litchfield" <mark () ngssoftware com>
Date: Wed, 19 Jun 2002 22:02:45 -0700


This does not surprise me, as I sent a number of mails over a period of
time to security () apache org detailing the issue with the relevant HTTP
request as early as the end of April, with my first response to the issue
received on the 27th May from Manoj Kasichainula.

Whether the issue was discovered and discussed independently, or whether
the mails I sent were distributed (and possibly redistributed), the damage
has already been done.

Regards

Mark Litchfield
www.ngssoftware.com



----- Original Message -----
From: "Muhammad Faisal Rauf Danka" <mfrd () attitudex com>
To: <bugtraq () securityfocus com>
Sent: Tuesday, June 18, 2002 9:35 PM
Subject: Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server


This bug has already been mentioned on the public mailing list for Apache
which is here:
http://groups.yahoo.com/group/new-httpd/message/36545

as we can see it was on Date:  Tue May 28, 2002  5:22 pm.

and the bug is fixed in CVS for Apache 2.0
this advisory is rather in form of an uninformed and questionable advisory.
Surely ISS will get a lot of press for that. =)

oh and Apache 1.3.26 and 2.0.39 are released. These versions are both
security and bug-fix releases.
You can download them from:
http://www.apache.org/dist/httpd/



Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Responce Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------
