[999] in bugtraq
Re: Vulnerability in NCSA HTTPD 1.3
daemon@ATHENA.MIT.EDU (Robert M. Haas)
Wed Feb 15 03:42:51 1995
To: Christopher Davis <ckd@loiosh.kei.com>
Cc: "Paul 'Shag' Walmsley" <ccshag@cclabs.missouri.edu>,
Thomas Lopatic <lopatic@dbs.informatik.uni-muenchen.de>,
bugtraq@fc.net
In-Reply-To: Your message of "Tue, 14 Feb 1995 11:18:00 EST."
<199502141618.LAA11034@loiosh.kei.com>
Date: Tue, 14 Feb 1995 20:59:05 -0800
From: "Robert M. Haas" <rhaas@cygnus.arc.nasa.gov>
> CERN's httpd seems to be a bit smarter about this sort of thing, but it's
> SO huge that even if they have only 10% as many bugs per K, they're worse
> than NCSA. (NCSA's src/* is 195K; CERN's WWW/Daemon/Implementation is
> 610K, plus WWW/Library/Implementation's 1406K(!).)
Are there known bugs in CERN's httpd? Is there a buglist? If so I would
appreciate a copy...
I'm running CERN's httpd chroot'd, figuring that gives me a little room
for error. Am I kidding myself?
...Robert
