httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcus Meissner <meiss...@suse.de>
Subject Re: CVE-2003-1418 - still affects apache 2 current
Date Thu, 01 Sep 2011 15:23:58 GMT
On Thu, Sep 01, 2011 at 05:17:16PM +0200, Reindl Harald wrote:
..
> mtime -> well, is directly in the header -> Last-Modified
> size -> well, directly in the header -> Content-Length
> inode -> well, where is there any security implication?

I could not directly think of one.

The reason is just that there is a CVE entry that checkers check for
and every user of those checkers asks back from their vendors.

A statement from Apache project that its not seen as security issue is
probably sufficient.

Ciao, Marcus

Mime
View raw message