[2964] in WWW Security List Archive

Re: 'phf' cgi-bin attack

daemon@ATHENA.MIT.EDU (Chuck Murcko)
Tue Sep 17 17:33:15 1996

From: Chuck Murcko <chuck@telebase.com>
To: www-security@ns2.rutgers.edu
Date: Tue, 17 Sep 1996 15:35:05 -0400 (EDT)
Errors-To: owner-www-security@ns2.rutgers.edu

The bug that allows this attack (unescaped newline) has been fixed in Apache
since 1.0.5, and in NCSA since (no lower than) 1.5.1, I believe.

chuck
Chuck Murcko	N2K Inc.	Wayne PA	chuck@telebase.com
And now, on a lighter note:
Only God can make random selections.