httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gene <>
Subject Re: [users@httpd] Possible apache security hole??
Date Fri, 04 Mar 2005 16:33:22 GMT
Rob Tanner wrote:

>We have an unknown assailant twice beak into our main webserver as the
>apache user (the user the web server runs as) and each time he plated
>files in /var/tmp and caused the whole system to hang (RH Linux).  I
>don't know that he/she is coming in by taking advantage of an apache
>bug or not, but here is the list of what's running in the server and
>what I'm wondering is whether my problem sounds like a known issue with
>any one of these packages/versions.  The hacker might, of course, be
>getting in via some entirely unrelated mechanism.
>Server: Apache/2.0.47 (Unix) mod_ssl/2.0.47 
>OpenSSL/0.9.7a DAV/2 PHP/4.3.6 mod_jk/1.2.4
I had a similar problem and was advised by someone (who knows a bit more 
than I do) that I should upgrade PHP. I now run PHP 5.0.3. Apparently 
there is a security issue with earlier PHP versions.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message