httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ruggeri <DRugg...@primary.net>
Subject Re: CVE-2003-1418 - still affects apache 2 current
Date Thu, 01 Sep 2011 23:02:22 GMT
On 9/1/2011 10:23 AM, Marcus Meissner wrote:
> On Thu, Sep 01, 2011 at 05:17:16PM +0200, Reindl Harald wrote:
> ..
>> mtime -> well, is directly in the header -> Last-Modified
>> size -> well, directly in the header -> Content-Length
>> inode -> well, where is there any security implication?
> I could not directly think of one.
>
> The reason is just that there is a CVE entry that checkers check for
> and every user of those checkers asks back from their vendors.
>
> A statement from Apache project that its not seen as security issue is
> probably sufficient.
>
> Ciao, Marcus

This is a sane response to the "problem". I've been asking why this is a
vulnerability for years and have yet to receive an answer... Maybe I
haven't asked the right people.

-- 
--
Daniel Ruggeri

Mime
View raw message