Re: Apache Win32 8192 string bug

From: Jay D. Dyson (jdysonat_private)
Date: Thu Apr 12 2001 - 11:14:45 PDT

Next message: Can Erkin Acar: "Re: Looking for exploits"

Previous message: Jan Münther: "Re: Ports vulnerability database"
Next in thread: Jay D. Dyson: "Re: Apache Win32 8192 string bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 11 Apr 2001, Meredith Shaebanyan wrote:

> Many people may use apache on Win32 without being familiar with the
> Apache documentation, or even be aware that they are running apache.

	No argument there.  Those same people typically don't pay any mind
to vulnerability reports either.  Same difference.

> Many vendors bundle apache with their products -- IBM Websphere uses
> apache as it's webserver, and Novell uses IBM Websphere, so users of
> both Novell and Websphere run apache. Apache is bundled with Oracle 8,
> as well. According to Oracle's website, there are over three million
> downloads of Oracle 8 Enterprise Edition*.

	Is this UNIX Apache or Win32 Apache you're talking about here?  It
strikes me as horribly irresponsible for any company to bundle their
product with a known beta product.  Even the direct link for Win32 Apache
(http://httpd.apache.org/docs/windows.html) from the Apache HTTPd site has
the following caveat:

	"Please note that at this time, Windows support is entirely
	experimental, and is recommended only for experienced users. The
	Apache Group does not guarantee that this software will work as
	documented, or even at all.

	<snip>

	"Warning: Apache on NT has not yet been optimized for performance."

	If anyone should get busted on the chops here, it's the businesses
that are bundling this unsupported product, not the Apache folks.

- -Jay

  (    (                                                          _______
  ))   ))   .- "There's always time for a good cup of coffee" -.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) |    = |-'
 `--' `--'  `---------- "Si vis pacem, para bellum." ----------'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBOtXiidCClfiU/BIVAQHp2wP+NpVwhKboZU51DIWKZgKFwTcz4bevfDxd
SGUZWi3RiqUbJNyKTNeofARl6AmtYJm9nyV4ABSblcjCZJj68oSkZLyRrUha/XLI
jez3UC3QHNbCGaFIIlCRcP9sThJkQhXiyglUaoXfgXhzVK2Pbuiz4RH+sYZ/xi26
SVVxyNPaQOM=
=mY2+
-----END PGP SIGNATURE-----

Next message: Can Erkin Acar: "Re: Looking for exploits"
Previous message: Jan Münther: "Re: Ports vulnerability database"
Next in thread: Jay D. Dyson: "Re: Apache Win32 8192 string bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 11:53:28 PDT