httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John T. Mills" <>
Subject Re: [users@httpd] CVE-2007-3008
Date Wed, 09 Jan 2008 21:21:11 GMT

Yeah it's a bit of a reach.  PCI's been a bit bad at sensing problem avoidance through intelligence
versus all the listed bug if let unconfigured things.

I got a bit more data on it.  I need to recompile apache with rewrite enabled and tweak the
httpd.conf.  Another PCI checkbox conquered! lol


----- Original Message ----
From: Joshua Slive <>
Sent: Wednesday, January 9, 2008 2:53:48 PM
Subject: Re: [users@httpd] CVE-2007-3008

On Jan 9, 2008 3:05 PM, John T. Mills <> wrote:
> I'm running 2.2.4 and I've been told I need to manually tweak
> to fix CVE-2007-3008.  I can't find any mention of this bug in the
 bug list.

I love the "I've been told" stuff. Who told you this, and do they know
what they are talking about?

You won't find CVE-2007-3008 listed anywhere because it is not related
to apache. It is for the Mbedthis AppWeb:

It also doesn't look to be a serious problem in the first place. The
"TRACE" method is not really a security vulnerability. It can be
turned off in apache with the
TraceEnable off


The official User-To-User support forum of the Apache HTTP Server
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message