UNIRAS ALERT - 34/04 - Vulnerability Issues with Apache 2.0.x

["Richie B." <richie () NO-SPAM-HERE com>]

I did not see this here yet.

1. Through the testing of Apache by using the Codenomicon HTTP Test 
Tool, the ASF Security
Team have discovered a bug in the apr-util library, which can lead to 
arbitrary code
execution.

2. SITIC have discovered that Apache suffers from a buffer overflow when 
expanding environment
variables in configuration files such as .htaccess and httpd.conf, 
leading to possible
privilege escalation.



http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-3404.txt