httpd-users mailing list archives

From Joshua Slive
Subject Re: [users@httpd] Security vulnerability on Apache web server
Date Wed, 10 Sep 2003 15:33:24 GMT

On Wed, 10 Sep 2003, Cui Xiaojing-a13339 wrote:
> 1. rootdotdot: HTTP "dot dot" sequences

Uhhh... Have you actually verified this yourself?  I don't recall that
bug existing in any remotely recent version of apache.

> 2.HttpTraceEnabled: HTTP TRACE is enabled

This is bull.  It was discussed on this list a few weeks ago; see the
archive.  But in summary, having TRACE enabled is NOT a vulnerability.

Doesn't your vulnerability scanner provide CVE names for its
vulnerabilities?  These are common reference numbers used to avoid vague
problem descriptions like number 1 above.


The official User-To-User support forum of the Apache HTTP Server Project.