httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 16423] New: - TRACE vulnerability
Date Sat, 25 Jan 2003 18:56:28 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16423>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16423

TRACE vulnerability

           Summary: TRACE vulnerability
           Product: Apache httpd-1.3
           Version: 1.3.27
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: m4341@abc.se


The TRACE command in the HTTP protocol does allow for security problems.

As described at http://www.whitehatsec.com/press_releases/WH-PR-20030120.txt

Sincce this already is reported at slashdot, I consider it a public problem
already and I am therefore reporting it here.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message