|
Bugtraq
mailing list archives
Re: Vulnerability in NCSA HTTPD 1.3
From: ckd () loiosh kei com (Christopher Davis)
Date: Thu, 16 Feb 1995 13:03:43 -0500
RMH> == Robert M Haas <rhaas () cygnus arc nasa gov>
ckd> CERN's httpd seems to be a bit smarter about this sort of thing, but
ckd> it's SO huge that even if they have only 10% as many bugs per K,
ckd> they're worse than NCSA.
RMH> Are there known bugs in CERN's httpd? Is there a buglist? If so I
RMH> would appreciate a copy...
I don't know of any bugs in CERN's httpd, and I haven't seen a buglist. I
just noted the huge difference in code size (it's a very coarse metric, I
know, but I find it a useful rule of thumb).
RMH> I'm running CERN's httpd chroot'd, figuring that gives me a little
RMH> room for error. Am I kidding myself?
Probably not. At least chroot() will help matters somewhat.
ObBug1: wn/0.97a and earlier has the same problem as NCSA httpd. Get 0.98.
ObBug2: Netscape doesn't like the WWW-Link http header on images; it'll
show a broken image instead. wn will emit this header. I #ifdef'ed it
out for now (and reported the bug to Netscape Communications).
 By Date 
By Thread
Current thread:
|
Intro
