I have forgotten the most important effect of the bug. Apache don't register the attacker's request in the log files (access and error DON'T report the string, the error or other information about the event). This is very useful for the attacker for run remote commands or open idle connections without the danger of be logged.
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 00:16:37 PDT