Re: [Full-Disclosure] Apache 1.3.29

[Jarrod SMith]

They might have used an apache user discosure bug that allows you to check user names vs. passwords.. I think it's made by w00w00. It will check the user names and passes, if it finds one that works it will login via FTP to make sure.      ----- Original Message ----- From: VeNoMouS To: [EMAIL PROTECTED] Sent: Thursday, March 11, 2004 2:38 PM Subject: [Full-Disclosure] Apache 1.3.29 any one know if theres a new exploit for apache 1.3.29 in the wild one of my mates boxes was breached this morning by ir4dex appears they gained axx via apache then got root via mmap()