Re: Apache Vulnerability through a Proxy?

From: Jason Yates (jaywhy2at_private)
Date: Fri Jun 21 2002 - 18:40:22 PDT

Next message: Christopher Gripp: "RE: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS"

Previous message: securityat_private: "Security Update: [CSSA-2002-029.0] Linux: Apache Web Server Chunk Handling Vulnerability"
In reply to: Ulf Bahrenfuss: "Apache Vulnerability through a Proxy?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2002-06-21 at 04:56, Ulf Bahrenfuss wrote:
> Hi!
> 
> Does anyone know, if the chunk handling vulnerability carries through a proxy i.e. Squid or Webcache? (Updating is currently not possible, because it is not the plain apache, but the Oracle IAS flavour...)
> 
> Or has anyone further information how this vulnerabilty really works?
> 
> Any pointers are appreciated.
> 
> Regards
> 
> Ulf
> 

I've been very confused about this vulnerabity.  I've heard so many
conflicting reports of whats actually vulnerable and whats not.  I think
the best approach is to be more safe then sorry.  Upgrade your systems
to either the 1.3.26 or 2.0.39 versions of Apache, no matter what OS, or
architecture your running.

For IAS check out,

http://otn.oracle.com/deploy/security/pdf/apache_alert.pdf
http://otn.oracle.com/deploy/security/alerts.htm

Patchs here,

http://metalink.oracle.com/

-Jason Yates

Next message: Christopher Gripp: "RE: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS"
Previous message: securityat_private: "Security Update: [CSSA-2002-029.0] Linux: Apache Web Server Chunk Handling Vulnerability"
In reply to: Ulf Bahrenfuss: "Apache Vulnerability through a Proxy?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 25 2002 - 00:14:05 PDT