httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gene <listm...@Bomgardner.net>
Subject Re: [users@httpd] Possible apache security hole??
Date Fri, 04 Mar 2005 16:33:22 GMT
Rob Tanner wrote:

>Hi,
>
>We have an unknown assailant twice beak into our main webserver as the
>apache user (the user the web server runs as) and each time he plated
>files in /var/tmp and caused the whole system to hang (RH Linux).  I
>don't know that he/she is coming in by taking advantage of an apache
>bug or not, but here is the list of what's running in the server and
>what I'm wondering is whether my problem sounds like a known issue with
>any one of these packages/versions.  The hacker might, of course, be
>getting in via some entirely unrelated mechanism.
> 
>Server: Apache/2.0.47 (Unix) mod_ssl/2.0.47 
>OpenSSL/0.9.7a DAV/2 PHP/4.3.6 mod_jk/1.2.4
>
>Thanks.
>
>  
>
I had a similar problem and was advised by someone (who knows a bit more 
than I do) that I should upgrade PHP. I now run PHP 5.0.3. Apparently 
there is a security issue with earlier PHP versions.

Gene


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message