Tested & Vulnerable apache 1.3.4 on bsdi 4.0 Turned off "MultiViews" & now we're not vulnerable. Multiviews controls content negotiation, so you could have some problems if you have multilingual customer base, but this isn't much of an issue for us. This is the easy fix, yes? Ken peter.allen@moon-light.co.uk wrote: > > According to Bugtraq it only applies to Apache 1.3.17 and lower. > > HTH > > Peter > > At 15:43 27/07/01 -0700, Phil Stracchino wrote: > >On Fri, Jul 27, 2001 at 06:12:11PM -0400, Brian Dinello wrote: > > > > > > > > > As we don't have access to all versions of Apache on all platforms, I can't > > > say for certain that this will work on all of them. The version that we > > > have successfully tested on with 100% consistency is Apache 1.3.12 on > > NT4. > > > > > > Please let me know if you duplicate this success on any other platforms. > > > >I was unable to reproduce it on Apache 1.3.20/PHP4.0.6/mysql-3.23.36 on > >Slackware 7.0. > > > > > >-- > > Linux Now! ..........Because friends don't let friends use Microsoft. > > phil stracchino -- the renaissance man -- mystic zen biker geek > > alaricat_private halmayneat_private > > 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
This archive was generated by hypermail 2b30 : Mon Jul 30 2001 - 12:22:28 PDT