Fw: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server

From: Mark Litchfield (markat_private)
Date: Wed Jun 19 2002 - 22:02:45 PDT


    > This does not surprise me, as I sent a number of mails over a period of time
    > to securityat_private detailing the issue with the relevant HTTP request as
    > early as the end of April with my first response to the issue received on
    > the 27th May from Manoj Kasichainula.
    >
    > Whether the issue was discovered and discussed independently, or whether the
    > mails I sent were distributed (and possibly redistributed) the damage has
    > already been done.
    >
    > Regards
    >
    > Mark Litchfield
    > www.ngssoftware.com
    >
    >
    >
    > ----- Original Message -----
    > From: "Muhammad Faisal Rauf Danka" <mfrdat_private>
    > To: <bugtraqat_private>
    > Sent: Tuesday, June 18, 2002 9:35 PM
    > Subject: Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
    >
    >
    > > This bug has already been mentioned on the public mailing list for Apache
    > > which is here =
    > > http://groups.yahoo.com/group/new-httpd/message/36545
    > >
    > > as we can see it was on Date:  Tue May 28, 2002  5:22 pm.
    > >
    > > and the bug is fixed in CVS for Apache 2.0
    > > this advisory is rather in form of a uninformed and questionable advisory.
    > > Surely ISS will get a lot of press for that. =)
    > >
    > > oh and Apache 1.3.26 and 2.0.39 are released. These versions are both
    > > security and bug-fix releases.
    > > You can download them from:
    > > http://www.apache.org/dist/httpd/
    > >
    > >
    > >
    > > Regards,
    > > ---------
    > > Muhammad Faisal Rauf Danka
    > >
    > > Chief Technology Officer
    > > Gem Internet Services (Pvt) Ltd.
    > > web: www.gem.net.pk
    > >
    > > Vice President
    > > Pakistan Computer Emergency Response Team (PakCERT)
    > > web: www.pakcert.org
    > >
    > > Chief Security Analyst
    > > Applied Technology Research Center (ATRC)
    > > web: www.atrc.net.pk
    > >
    > >
    >
    >
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 18:09:55 PDT