mailing list archives
Fw: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
From: "Mark Litchfield" <mark () ngssoftware com>
Date: Wed, 19 Jun 2002 22:02:45 -0700
This does not suprise me, as I sent a number of mails over a period of
to security () apache org detailing the issue with the relevant HTTP request
early as the end of April with my first response to the issue received on
the 27th May from Manoj Kasichainula.
Whether the issue was discovered and discussed independently, or whether
mails I sent were distributed (and possibly redistributed) the damage has
already been done.
----- Original Message -----
From: "Muhammad Faisal Rauf Danka" <mfrd () attitudex com>
To: <bugtraq () securityfocus com>
Sent: Tuesday, June 18, 2002 9:35 PM
Subject: Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP
This bug has already been mentioned on the public mailing list for
which is here =
as we can see it was on Date: Tue May 28, 2002 5:22 pm.
and the bug is fixed in CVS for Apache 2.0
this advisory is rather in form of a uniformed and questionable
Surely ISS will get a lot of press for that. =)
oh and Apache 1.3.26 and 2.0.39 are released, These versions are both
security and bug-fix releases.
You can download them from:
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
Pakistan Computer Emergency Responce Team (PakCERT)
Chief Security Analyst
Applied Technology Research Center (ATRC)
Promote your group and strengthen ties to your members with
email () yourgroup org by Everyone.net http://www.everyone.net/?btn=tag