Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Apache config help

> While on the subject of Apache, I am probably stating the obvious, but does
> everyone know that versions up to 1.3.24 have a DoSable bug, which someone
> has now reased an exploit for?

All distributions that I use released new versions so the answer is
yes. From the apache site 
"Versions of the Apache web server up to and including 1.3.24 and 2.0 up to
and including 2.0.36 contain a bug in the routines which deal with invalid
requests which are encoded using chunked encoding."

After updating:

Debian Unstable: apache 1.3.26
Debian Stable:   apache 1.3.9_14.1 - fixed version from 
Gentoo 1.2:      apache 1.3.26
OpenBSD 3.0:     apache 1.3.19
FreeBSD 4.6:     apache 1.3.26

________  Stoyan Zhekov <sto [AT] zhware [DOT] net>  ________
fpr:        2A61 58D0 A69C FF68 4785 A0A3 89DE AEC0 3CA6 41A8
____________ Is there life after /sbin/halt -p? _____________ 

Attachment: pgp00010.pgp
Description: PGP signature

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links