[25872] in bugtraq
Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP
daemon@ATHENA.MIT.EDU (Muhammad Faisal Rauf Danka)
Wed Jun 19 16:59:09 2002
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
Date: Tue, 18 Jun 2002 21:35:36 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: bugtraq@securityfocus.com
Reply-To: mfrd@attitudex.com
Message-Id: <20020619043537.081143ECC@sitemail.everyone.net>
This bug has already been mentioned on the public mailing list for Apache which is here =
http://groups.yahoo.com/group/new-httpd/message/36545
as we can see it was on Date: Tue May 28, 2002 5:22 pm.
and the bug is fixed in CVS for Apache 2.0
this advisory is rather in form of a uniformed and questionable advisory.
Surely ISS will get a lot of press for that. =)
oh and Apache 1.3.26 and 2.0.39 are released, These versions are both security and bug-fix releases.
You can download them from:
http://www.apache.org/dist/httpd/
Regards,
---------
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
Vice President
Pakistan Computer Emergency Responce Team (PakCERT)
web: www.pakcert.org
Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk
_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------
_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net http://www.everyone.net/?btn=tag
