Can someone clarify for me, please (not directly debian related, I know,
but...) - the patches appear to only be to the chunk-encoding functions
in mod_proxy. If mod_proxy isn't loaded, is apache still vulnerable?
KJL
On Thu, 2002-06-20 at 20:30, Paul Hosking wrote:
On Wed, 2002-06-19 at
Can someone clarify for me, please (not directly debian related, I know,
but...) - the patches appear to only be to the chunk-encoding functions
in mod_proxy. If mod_proxy isn't loaded, is apache still vulnerable?
its not just mod_proxy, apache was vulnerable regardless
--
Jamie Heilman
Hello
On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote:
its not just mod_proxy, apache was vulnerable regardless
BTW: in the case that mod_proxy is not loaded: is it enough to just
backport the get_chunk_size function from http_protocol.c (like in the
file
Christian Hammers wrote:
On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote:
its not just mod_proxy, apache was vulnerable regardless
BTW: in the case that mod_proxy is not loaded: is it enough to just
backport the get_chunk_size function from http_protocol.c (like in the
file
On Wed, 2002-06-19 at 06:57, René Seindal wrote:
If you use 32 bit machines you are 'only' vulnerable to a DoS attack,
not a real compromise of your servers.
Apache version 1.3.24 is vulnerable. The later version 1.3.26 is a
security fix to this issue and it would seem it shall be available
Hi folk,
We have some machine with testing and the version of the Apache on those
servers is 1.3.24-3. I would like to know if this version of apache
debian is also vulnerable. I've checked the announcement sent about the
patch but didn't find inside the patch for this version. As the advisory
On Wed, 2002-06-19 at 13:39, NANTENAINA Tianarivo ulrich wrote:
Hi folk,
We have some machine with testing and the version of the Apache on those
servers is 1.3.24-3. I would like to know if this version of apache
debian is also vulnerable. I've checked the announcement sent about the
patch
René Seindal wrote:
On Wed, 2002-06-19 at 13:39, NANTENAINA Tianarivo ulrich wrote:
Hi folk,
We have some machine with testing and the version of the Apache on those
servers is 1.3.24-3. I would like to know if this version of apache
debian is also vulnerable. I've checked the
8 matches
Mail list logo