From: Rasmus Lerdorf
To: users@httpd.apache.org
Date: Tue, 8 Apr 2003 01:34:48 -0700 (PDT)
In-Reply-To: <20030408091814.31290.qmail@web21006.mail.yahoo.com>
Subject: Re: [users@httpd] ** New Apache vulnerability ?? *** Apache HTTP Server MIME message boundaries information disclosure

Why don't you just follow the remedy instructions given right at the URL
you referenced? Either disable FileEtag or apply the patch they reference:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch

But yes, this should probably be addressed in the main Apache code base.
This patch, or one like it, is not in CVS yet.

-Rasmus

On Tue, 8 Apr 2003, Hassan S wrote:

> [ 2nd try]
>
> Any response is highly appreciated.
>
> Thanks
> Hassan
>
> --- Hassan S wrote:
> > Hello Everyone,
> >
> > Did anyone remedy this vulnerability which was
> > described in the following link?
> >
> > http://www.iss.net/security_center/static/11438.php
> >
> > What are the necessary steps (patch, if any) to
> > take?
> >
> > Thanks in advance,
> > Hasan
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the
> > Apache HTTP Server Project.
> > See for
> > more info.
> > To unsubscribe, e-mail:
> > users-unsubscribe@httpd.apache.org
> > " from the digest:
> > users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail:
> > users-help@httpd.apache.org