Seaman aman nya suatu product, selagi buatan manusia masih bisa di bobol ama manusia juga, yang pernah saya baca Apache 1.3.19 di OpenBSD 2.9 bisa di exploit dengan mengunakan remote exploit, sayang tadi cari cari berita nya nggak dapet lagi. setelah hole di OpenSSH, Sekarang juga lagi hangat-hangatnya pada bicarain hole di apache,
Apache mod_usertrack Predictable ID Generation Vulnerability Apache is a popular open-source HTTP server in wide use across the Internet. Apache ships with a module called 'mod_usertrack'. This module contains code to generate unique identifiers for individual web sessions and requests. The session IDs that are generated are not not random. They are generated using the IP address of the client, the system time and the server process ID. These IDs are not meant to be used for authentication purposes. Any applications that rely on these IDs for authentication may be vulnerable to ID prediction attacks. It should be noted that this is not a vulnerability in Apache. This is only a vulnerability when an application uses these IDs to track authenticated users. hal ini di alami pada apache versi Apache Apache 1.3.11 Apache Apache 1.3.12 Apache Apache 1.3.14 Apache Apache 1.3.17 Apache Apache 1.3.18 Apache Apache 1.3.19 Apache Apache 1.3.20 sekarang tergantung kita sebagai brainware nya, mana yang paling kita kuasai ----- Original Message ----- From: "rootman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, December 15, 2001 10:25 AM Subject: [admin] Re: hole apache (was Re: [admin] How Hack Web server ISS) > apache win/*nix ? hole yg gimana nih ? remote hole ? ato lokal ? > bisa minta keterangan lebih lanjut ttg holes apache yg dimaksud ? > setahu saya apache sangat aman... blm pernah hole... > terimakasih, > rootman http://www.mafialinux.net ICQ : 124737863 MSN : [EMAIL PROTECTED] YMSG : Dewa_Saraft -- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3
