Vulnerability Development mailing list archives

Re: Another flaw in Apache?

From: sd <sd () cdi cz>
Date: Wed, 26 Jun 2002 18:22:37 +0200

On Sun, Jun 23, 2002 at 03:03:13PM +0100, Filipe Jorge Marques de Almeida wrote:

Don't forget this is not a serious vulnerability in many configurations (if the
user already has permission to run cgi scripts without suexec, SSI, etc).

On Sat, Jun 22, 2002 at 09:27:48PM -0400, Michal Zalewski wrote:

Check out what you get - file descriptors and other goodies - and perhaps
it is a good time to cc: bugtraq or at least Apache guys?;-)


--
Filipe Almeida


imho it's serious for freeweb providers, they become a freeshell providers ;)
not mentioning that you can play a bit with port 80 socket, pernamently
killing all childs to put your child for some use. defacing whole webserver,
web sniffing IS possible.

-- 
_ __/|
\'X.X'   sd@ircnet
=(___)=  http://sd.g-art.nl
    U

Current thread:

RE: Another flaw in Apache?, (continued)
- - RE: Another flaw in Apache? Ryan Sweat (Jun 22)
  - Re: Another flaw in Apache? Michal Zalewski (Jun 22)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Re: Another flaw in Apache? Filipe Jorge Marques de Almeida (Jun 23)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Message not available
    - Re: Another flaw in Apache? Filipe Almeida (Jun 23)
    - Re: Another flaw in Apache? Alexander Yurchenko (Jun 23)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Re: Another flaw in Apache? Michal Zalewski (Jun 23)
    - Re: Another flaw in Apache? Michal Zalewski (Jun 23)
    - Re: Another flaw in Apache? sd (Jun 26)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Pavel Kankovsky (Jun 23)