httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49623] CVE-2003-1418 - all httpd versions seem to expose inode values in FileEtag
Date Thu, 01 Sep 2011 21:21:54 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49623

--- Comment #1 from William A. Rowe Jr. <wrowe@apache.org> 2011-09-01 21:21:54 UTC ---
Please provide a citation of how possessing an arbitrary identifier, the inode,
represents either a local or remote exploit?

No, not the respective validation test that is failing, but an actual citation 
w.r.t. the value of an inode to exploiting a machine.  Validation vendors are
famous for not actually probing for vulnerabilities, but regurgitating them
based on version numbers.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message