mailing list archives
Re: Apache mod_ssl off-by-one vulnerability
From: H D Moore <sflist () digitaloffense net>
Date: Wed, 26 Jun 2002 21:46:12 -0500
Just to confirm, the bug exists in 2.8.9 and earlier? The first part of the
advisory mentions 2.4.9, so a casual reader may assume they are unaffected if
they don't read all the way to the bottom...
On Monday 24 June 2002 15:47, Jedi/Sector One wrote:
Product: mod_ssl - http://www.modssl.org/
Summary: Off-by-one in mod_ssl 2.4.9 and earlier
[ snip ]
The mod_ssl development team was very reactive and a new version has just
been released. mod_ssl 2.8.10 addresses the vulnerability and it is
freely available from http://www.modssl.org/ . Upgrading from an earlier
release is painless.