On Thu, Jun 10, 2004 at 04:46:45PM +0100, Mark J Cox wrote:
>
> An official patch to correct this issue is available. See:
> http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=108687304202140
>
the apache guys and chix produced an official patch in two calendar days
after initial report.
m$ s
We have assigned CAN-2004-0492 to this issue.
The flaw affects Apache httpd 1.3.26 to 1.3.31 inclusive that have
mod_proxy enabled and configured. Apache httpd 2.0 is unaffected.
The security issue is a buffer overflow which can be triggered by getting
mod_proxy to connect to a remote server whi
Georgi Guninski security advisory #69, 2004
Buffer overflow in apache mod_proxy,yet still apache much better than windows
Systems affected:
modproxy from apache 1.3.31 and earlier
Risk: Unknown - at least a crash, exploitability unknown
Date: 10 June 2004
Legal Notice:
This Advisory is Copyrig