httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Asif Iqbal <iqb...@qwestip.net>
Subject [users@httpd] apache vulnerability
Date Wed, 29 Oct 2003 18:37:49 GMT

Hi All

According to this url

http://www.secunia.com/advisories/10096

mod_alias and mod_rewrite have possible buffer overfolw vulnerabilities "if they
are configured with a regular expression with more than 9 captures".
Exploitation requires a specially crafted .htaccess file

How would I know if I am using 9 captures or not ? Sorry for a newbie question

Thanks a lot

-- 
Asif Iqbal
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x8B686E08
There's no place like 127.0.0.1


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message