Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Apache mod_ssl off-by-one vulnerability
From: H D Moore <sflist () digitaloffense net>
Date: Wed, 26 Jun 2002 21:46:12 -0500

Just to confirm, the bug exists in 2.8.9 and earlier? The first part of the 
advisory mentions 2.4.9, so a casual reader may assume they are unaffected if 
they don't read all the way to the bottom...

On Monday 24 June 2002 15:47, Jedi/Sector One wrote:
Product: mod_ssl - http://www.modssl.org/
Date: 06/24/2002
Summary: Off-by-one in mod_ssl 2.4.9 and earlier

 [ snip ]

The mod_ssl development team was very reactive and a new version has just
been released. mod_ssl 2.8.10 addresses the vulnerability and it is
freely available from http://www.modssl.org/ . Upgrading from an earlier
release is painless.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]