Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Apache Vulnerability through a Proxy?
From: Jason Yates <jaywhy2 () comcast net>
Date: Fri, 21 Jun 2002 21:40:22 -0400
On Fri, 2002-06-21 at 04:56, Ulf Bahrenfuss wrote:

Hi!

Does anyone know, if the chunk handling vulnerability carries through a proxy i.e. Squid or Webcache? (Updating is 
currently not possible, because it is not the plain apache, but the Oracle IAS flavour...)

Or has anyone further information how this vulnerabilty really works?

Any pointers are appreciated.

Regards

Ulf



I've been very confused about this vulnerabity.  I've heard so many
conflicting reports of whats actually vulnerable and whats not.  I think
the best approach is to be more safe then sorry.  Upgrade your systems
to either the 1.3.26 or 2.0.39 versions of Apache, no matter what OS, or
architecture your running.

For IAS check out,

http://otn.oracle.com/deploy/security/pdf/apache_alert.pdf
http://otn.oracle.com/deploy/security/alerts.htm

Patchs here,

http://metalink.oracle.com/



-Jason Yates

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]