[19633] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

FORW: Re: [ANNOUNCE] Apache 1.3.19 Released

daemon@ATHENA.MIT.EDU (Dan Harkless)
Tue Mar 13 23:27:42 2001

Message-ID:  <200103130858.AAA11506@dilvish.speed.net>
Date:         Tue, 13 Mar 2001 00:58:52 -0800
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Here's Martin's response to my question about what Apache versions have that
hole:


------- Forwarded Message

Date: Tue, 13 Mar 2001 09:51:52 +0100
From: Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>
Subject: Re: [ANNOUNCE] Apache 1.3.19 Released
Message-ID: <20010313095152.B81887@deejai2.mch.fsc.net>

On Mon, Mar 12, 2001 at 06:40:04PM -0800, Dan Harkless wrote:
> What versions of Apache are susceptible to that "very long path" directory
> listing disclosure bug?  All previous versions, or...?

Yes, unfortunately. This bug probably was already in 1.2.x.

  Martin
- --
<Martin.Kraemer@Fujitsu-Siemens.com>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-41143 | 81730  Munich,  Germany

------- End of Forwarded Message


----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.

home	help	back	first	fref	pref	prev	next	nref	lref	last	post