Home page logo
/

bugtraq logo Bugtraq mailing list archives

Fw: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
From: "Mark Litchfield" <mark () ngssoftware com>
Date: Wed, 19 Jun 2002 22:02:45 -0700


This does not suprise me, as I sent a number of mails over a period of
time
to security () apache org detailing the issue with the relevant HTTP request
as
early as the end of April with my first response to the issue received on
the 27th May from Manoj Kasichainula.

Whether the issue was discovered and discussed independently, or whether
the
mails I sent were distributed (and possibly redistributed) the damage has
already been done.

Regards

Mark Litchfield
www.ngssoftware.com



----- Original Message -----
From: "Muhammad Faisal Rauf Danka" <mfrd () attitudex com>
To: <bugtraq () securityfocus com>
Sent: Tuesday, June 18, 2002 9:35 PM
Subject: Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP
Server


This bug has already been mentioned on the public mailing list for
Apache
which is here =
http://groups.yahoo.com/group/new-httpd/message/36545

as we can see it was on Date:  Tue May 28, 2002  5:22 pm.

and the bug is fixed in CVS for Apache 2.0
this advisory is rather in form of a uniformed and questionable
advisory.
Surely ISS will get a lot of press for that. =)

oh and Apache 1.3.26 and 2.0.39 are released, These versions are both
security and bug-fix releases.
You can download them from:
http://www.apache.org/dist/httpd/



Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Responce Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with
email () yourgroup org by Everyone.net  http://www.everyone.net/?btn=tag





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault