[us...@httpd] about apache.2.14 dependancy to db package..? needed?

2009-12-26 Thread David Taveras
Hello, When installing apache2.2 from binary packages in my OS I've seen that it is dependent on the Berkeley DB package. Is this actually needed by the apache core? or is it a result of enabling a certain module I can actually disable?? Where could I get the list of dependencies for a minimal

[us...@httpd] example configure line.. does it actually make sense?

2009-12-06 Thread David Taveras
Hello, I have this configure line: CONFIGURE_ARGS+= --prefix=${HTTPD_DIR} \ --exec-prefix=${LOCALBASE} \ --sysconfdir=${CONFDIR} \ --with-apr=${LOCALBASE}/bin/apr-1-mt-config \

[us...@httpd] apache 2.2.13 SSL renegotiation vulnerability

2009-11-25 Thread David Taveras
Hello, I've seen that 2.2.14 comes with a patch for the recent SSL renegotiation vulnerability. Could anybody tell me if there is a patch available for apache 2.2.13 .. I am not ready to update yet. Thank you. David - The

[us...@httpd] How to read a GET VAR into mod_headers

2009-09-16 Thread David Taveras
Hello, A portion of our users are coming in our sites with a query string get var. I want to read that VAR and convert it to a cookie for permanent use in the future. How do I read a get var and pass it to mod_headers ? Btw, for those of you who wonder why we are not doing this with mod_rewrite

Re: [us...@httpd] About apache2 vulnerability with apr and apr-utils. How bad is it?

2009-09-13 Thread David Taveras
Greetings William, On Thu, Sep 10, 2009 at 8:18 PM, William A. Rowe, Jr. wr...@rowe-clan.net wrote: No, you misinterpreted; the application developer must expose a DoS/memory exhaustion vector; where that exists, and the affected version of APR is used, and the information written to the

[us...@httpd] About apache2 vulnerability with apr and apr-utils. How bad is it?

2009-09-10 Thread David Taveras
Hello, I run apache 2.2.9 apache 2.2.11 both with apr-1.2.11p2 apr-util-1.2.10p2 According to the CVE at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 only 0.9.x and 1.3.x are affected. Could anybody confirm that this is so? If not.. how bad is this vulnerability to a

Re: [us...@httpd] About apache2 vulnerability with apr and apr-utils. How bad is it?

2009-09-10 Thread David Taveras
Hello William. You mentioned as far as APR causing a DoS, how about the execution of arbitrary code through apache as the CVE says..? Thank you Daniel On Thu, Sep 10, 2009 at 6:54 PM, William A. Rowe, Jr. wr...@rowe-clan.net wrote: David Taveras wrote: I run apache 2.2.9 apache 2.2.11

[us...@httpd] mod_rewrite cookies apache 1.3.. known problem?

2009-09-02 Thread David Taveras
Hello, I have a site that uses mod_rewrite for URLs... I'd like to include a tracking cookie for users that are entering via URLs made by mod_rewrite. The problem is that the cookie isn't getting passed through the mod_rewrite URL. I've been told (and tested) that Apache2 mod_rewrite does indeed

[us...@httpd] Apache 2.2.9 known vulnerabilities?

2009-08-24 Thread David Taveras
Hello, I am still a user of apache 2.2.9 and wish to know what vulnerabilities this version is exposed to aside from: CVE-2008-2939 Is there any site, where I can get an accurate listing? CVE site seems confusing and I just wonder if there is something more practical. Thank you. Daniel