Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-23 Thread KevinL
Can someone clarify for me, please (not directly debian related, I know, but...) - the patches appear to only be to the chunk-encoding functions in mod_proxy. If mod_proxy isn't loaded, is apache still vulnerable?

KJL

On Thu, 2002-06-20 at 20:30, Paul Hosking wrote:
> On Wed, 2002-06-19 at

Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-23 Thread Jamie Heilman
> Can someone clarify for me, please (not directly debian related, I know, but...) - the patches appear to only be to the chunk-encoding functions in mod_proxy. If mod_proxy isn't loaded, is apache still vulnerable?

it's not just mod_proxy, apache was vulnerable regardless

-- Jamie Heilman

Re: [d-security] Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-23 Thread Christian Hammers
Hello

On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote:
> it's not just mod_proxy, apache was vulnerable regardless

BTW: in the case that mod_proxy is not loaded: is it enough to just backport the get_chunk_size function from http_protocol.c (like in the file

Re: [d-security] Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-23 Thread Jamie Heilman
Christian Hammers wrote:
> On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote:
> > it's not just mod_proxy, apache was vulnerable regardless
>
> BTW: in the case that mod_proxy is not loaded: is it enough to just backport the get_chunk_size function from http_protocol.c (like in the file

Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-20 Thread Paul Hosking
On Wed, 2002-06-19 at 06:57, René Seindal wrote: If you use 32 bit machines you are 'only' vulnerable to a DoS attack, not a real compromise of your servers. Apache version 1.3.24 is vulnerable. The later version 1.3.26 is a security fix to this issue and it would seem it shall be available

Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-19 Thread NANTENAINA Tianarivo ulrich
Hi folk, We have some machines with testing and the version of the Apache on those servers is 1.3.24-3. I would like to know if this version of apache debian is also vulnerable. I've checked the announcement sent about the patch but didn't find inside the patch for this version. As the advisory

Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-19 Thread René Seindal
On Wed, 2002-06-19 at 13:39, NANTENAINA Tianarivo ulrich wrote:
> Hi folk, We have some machines with testing and the version of the Apache on those servers is 1.3.24-3. I would like to know if this version of apache debian is also vulnerable. I've checked the announcement sent about the patch

Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-19 Thread Bryan Andersen
René Seindal wrote:
> On Wed, 2002-06-19 at 13:39, NANTENAINA Tianarivo ulrich wrote:
> > Hi folk, We have some machines with testing and the version of the Apache on those servers is 1.3.24-3. I would like to know if this version of apache debian is also vulnerable. I've checked the