Home page logo

bugtraq logo Bugtraq mailing list archives

Fw: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
From: "Mark Litchfield" <mark () ngssoftware com>
Date: Wed, 19 Jun 2002 22:02:45 -0700

This does not suprise me, as I sent a number of mails over a period of
to security () apache org detailing the issue with the relevant HTTP request
early as the end of April with my first response to the issue received on
the 27th May from Manoj Kasichainula.

Whether the issue was discovered and discussed independently, or whether
mails I sent were distributed (and possibly redistributed) the damage has
already been done.


Mark Litchfield

----- Original Message -----
From: "Muhammad Faisal Rauf Danka" <mfrd () attitudex com>
To: <bugtraq () securityfocus com>
Sent: Tuesday, June 18, 2002 9:35 PM
Subject: Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP

This bug has already been mentioned on the public mailing list for
which is here =

as we can see it was on Date:  Tue May 28, 2002  5:22 pm.

and the bug is fixed in CVS for Apache 2.0
this advisory is rather in form of a uniformed and questionable
Surely ISS will get a lot of press for that. =)

oh and Apache 1.3.26 and 2.0.39 are released, These versions are both
security and bug-fix releases.
You can download them from:

Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Responce Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk


Promote your group and strengthen ties to your members with
email () yourgroup org by Everyone.net  http://www.everyone.net/?btn=tag

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]