httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 28193] - Webdav Exploit - DOS Vulnerability Apache 1.3.x Series
Date Mon, 05 Apr 2004 04:40:03 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28193>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28193

Webdav Exploit - DOS Vulnerability Apache 1.3.x Series

purlgurl@purlgurl.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |



------- Additional Comments From purlgurl@purlgurl.net  2004-04-05 04:40 -------
Resolved, invalid?

This is a bug. This is an inability to hook
into selected error conditions. With the
advent of Webdav exploits, is critically
important for administrators to capture
and deal with an error 414 conditon.

Apache 1.3.x affords no ability to deal
with this exploit. This is a bug. No
administrator can deal with this exploit
under current software conditions.

You have dismissed this as "resolved invalid"
in lieu of any discussion, in lieu of any
comments coming in from others. It is clear
by time stamps you spent little, if any time,
considering the ramifications of this bug.

Strikes me your decision is both premature
and done so without research. You should at
least allow a bit of time for other comments
to come in, to fully assess the impact of
this clear bug in Apache 1.3.x series.

Premature dismissal of a bug report, in lieu
of discussion and comments, defeats the whole
purpose of bugzilla reporting. I am clearly
dismayed you dismiss bug reports so lightly.
Doing so discourages others from reporting
problems for which resolution may prove
highly beneficial.

In this case, it is exceedingly clear an ability
to hook into an error 414 condition is very
critical, very needed.

Certainly I will think twice before investing
time and effort into reporting an item I believe
may benefit our Apache community.

Kira

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message