Bugtraq mailing list archives
Fw: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
From: "Mark Litchfield" <mark () ngssoftware com>
Date: Wed, 19 Jun 2002 22:02:45 -0700
This does not suprise me, as I sent a number of mails over a period of
time
to security () apache org detailing the issue with the relevant HTTP request
as
early as the end of April with my first response to the issue received on the 27th May from Manoj Kasichainula. Whether the issue was discovered and discussed independently, or whether
the
mails I sent were distributed (and possibly redistributed) the damage has already been done. Regards Mark Litchfield www.ngssoftware.com ----- Original Message ----- From: "Muhammad Faisal Rauf Danka" <mfrd () attitudex com> To: <bugtraq () securityfocus com> Sent: Tuesday, June 18, 2002 9:35 PM Subject: Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP ServerThis bug has already been mentioned on the public mailing list for
Apache
which is here =http://groups.yahoo.com/group/new-httpd/message/36545 as we can see it was on Date: Tue May 28, 2002 5:22 pm. and the bug is fixed in CVS for Apache 2.0 this advisory is rather in form of a uniformed and questionable
advisory.
Surely ISS will get a lot of press for that. =) oh and Apache 1.3.26 and 2.0.39 are released, These versions are bothsecurity and bug-fix releases.You can download them from: http://www.apache.org/dist/httpd/ Regards, --------- Muhammad Faisal Rauf Danka Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk Vice President Pakistan Computer Emergency Responce Team (PakCERT) web: www.pakcert.org Chief Security Analyst Applied Technology Research Center (ATRC) web: www.atrc.net.pk _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Promote your group and strengthen ties to your members withemail () yourgroup org by Everyone.net http://www.everyone.net/?btn=tag
Current thread:
- Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server Muhammad Faisal Rauf Danka (Jun 19)
- <Possible follow-ups>
- Fw: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server Mark Litchfield (Jun 19)