-----BEGIN PGP SIGNED MESSAGE----- On Sun, 24 Feb 2002, Pedro Hugo wrote: > There are rumours about an exploit for apache 1.3.22 at least... Don't > have yet details on it... Anyone else heard about it ? I hear such rumors all the time. In every case, the person spreading the rumor has absolutely no details of the type of exploit, whether the exploit entails simple data disclosure or a shell, or even how the exploit is accomplished. They only know of "some guy" who knows "someone" who did "something" to "some system." Hell, I've encountered more sophisticated urban legends at Snopes. With all of that in mind, I'm inclined to believe that no such risk really exists and that some chimp has confused a vulnerability in a third-party CGI script (or a Linux vendor's monkeyed-up install of Apache) to mean that Apache itself is vulnerable, when it's not. - -Jay ( ( _______ )) )) .--"There's always time for a good cup of coffee"--. >====<--. C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) | = |-' `--' `--' `The armed are citizens. The unarmed are subjects.' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBPHmyAblDRyqRQ2a9AQH5eQP/Q//t5JwJv3hsk/UlFbOMofO/wbN+AtZC fY0/CpZyPEdh/IsRetoJu3cuBC5Fq9SOeCWDNgHA2PRXVZwnM3rfTNKojJGpQ+z2 qu1xf2tazG3l7yYwN8DA9E3ivtB6AT6vkG6IWkQEDQ+lG+in45ZLboqrXp3LfOAb CravqumVmLc= =vQ5a -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Mon Feb 25 2002 - 17:20:25 PST