httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Security holes from stock CGI programs (fwd)
Date Fri, 29 Mar 1996 20:48:58 GMT

Not acked - I wasn't sure of the answer.

Date: Fri, 29 Mar 1996 12:43:11 -0800 (PST)
From: Tom Phoenix <tom@col-ed.org>
To: apache-bugs@mail.apache.org
Subject: Security holes from stock CGI programs
Message-ID: <Pine.LNX.3.91.960329123422.16862B-100000@garnet.col-ed.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

I've heard that some of the CGI programs that come with apache may have 
security holes, which CERT says are being "actively exploited".

   ftp://cert.org/pub/cert_advisories/CA-96.06.cgi_example_code

It would be good to include on the Apache website a notice about that, and 
information on how to identify whether your installation is vulnerable 
and what to do about it.

Thanks!

--Tom <tom@col-ed.org>
----- End of forwarded message from Tom Phoenix -----

-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.

Mime
View raw message