httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Apache 2.2.8 mod_ssl Vulnerability Notification Assistance
Date Mon, 21 Apr 2008 17:16:16 GMT
On Mon, Apr 21, 2008 at 1:02 PM, Mark A Christofferson <mchris3@lsu.edu> wrote:

> I am currently running the Apache 2.2.8 port on the FreeBSD 6.3 platform
> with mod_ssl enabled.  I received the following vulnerability scan results
> from my organization:
>
>
>
> Vulnerability:  mod_ssl Off-By-One HTAccess Buffer Overflow Vulnerability
>
> Risk Level:
>
> Signature Group: Safe
>
> Description: The remote host is using a version of mod_ssl which is older
> than 2.8.10. This version is vulnerable

The mod_ssl in apache httpd 2.x is not the same as the one used in 1.3
(although the former was originally based on the latter). The bug in
question never existed in 2.x.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message