DoS: Apache 1.3 all versions including 1.3.24, Apache 2 all versions up to 2.0.36

Ivo ivo at primerelay.net
Tue Jun 18 08:16:28 PDT 2002


On Tue, Jun 18, 2002 at 04:05:45PM +0100, James Spinks wrote:
> According to the CERT Advisory...
> 
>    The Apache Software Foundation has released two new versions of Apache
>    that correct this vulnerability. System administrators can prevent the
>    vulnerability  from  being  exploited  by  upgrading to Apache version
>    1.3.25  or  2.0.39.  The new versions of Apache will be available from
>    their web site at http://httpd.apache.org/ 

It's not there yet.. However the latest 1.3 CVS snapshot [1] does identify
itself as 1.3.25. I'm not sure if this bug is fixed though.

cheers,
Ivo


[1] http://cvs.apache.org/snapshots/apache-1.3/apache-1.3_20020618101200.tar.gz
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list