Security Incidents mailing list archives

Re: Apache goes berserk

From: Brett Glass <brett () lariat org>
Date: Thu, 27 Jun 2002 15:27:53 -0600

At 03:09 PM 6/27/2002, Tobias Rosenstock wrote:

looks like your box is under fire from someone who tries to break in
through the well-published apache chunked request vulnerability, probably
even using apache-scalp.c, which was published on bugtraq last week.


This could well be.

However, I'm running 2.0.39, which The Apache Group says is supposed to 
be immune. 

Maybe they're wrong, or maybe a DoS is possible even though a complete
takeover of the server is not.

--Brett


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Apache goes berserk Brett Glass (Jun 27)
- Re: Apache goes berserk Tobias Rosenstock (Jun 27)
- Message not available
  - Re: Apache goes berserk Brett Glass (Jun 28)