httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Security vulnerability on Apache web server
Date Wed, 10 Sep 2003 15:33:24 GMT

On Wed, 10 Sep 2003, Cui Xiaojing-a13339 wrote:
> 1. rootdotdot: HTTP "dot dot" sequences

Uhhh... Have you actually verified this yourself?  I don't recall that
bug existing in any remotely recent version of apache.

> 2.HttpTraceEnabled: HTTP TRACE is enabled

This is bull.  It was discussed on this list a few weeks ago; see the
archive.  But in summary, having TRACE enabled is NOT a vulnerability.

Doesn't your vulnerability scanner provide CVE names for its
vulnerabilities?  These are common reference numbers used to avoid vauge
problem descriptions like number 1 above.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message