httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: Security Advisory
Date Fri, 16 Aug 2002 16:04:24 GMT
Carol Langland wrote:
> I was wondering if anyone knows about the recent security advisory posted on
> August 9th.  The document says that you can edit your httpd.conf file and
> add the following line:
> 
> RedirectMatch 400 "\\\.\."
> 
> Does anyone know if this "patch" works on version 1.3.6 (Windows)?

The advisory is for 2.0 only.  1.3 is not thought to be vulnerable.  I 
don't believe that you can do any harm with the RedirectMatch, however.

> The
> writeup isn't quite clear.  Also, does anyone know how to hack into the
> security hole so we can check to see if the patch works?

If you hang out on bugtraq, I'm sure you'll see it eventually. The 
apache people are trying not to distribute it until people have a chance 
to protect their server.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message