Greetings William,
On Thu, Sep 10, 2009 at 8:18 PM, William A. Rowe, Jr.
wr...@rowe-clan.netwrote:
No, you misinterpreted; the application developer must expose a DoS/memory
exhaustion vector; where that exists, and the affected version of APR
is used, and the information written to the
Hello,
I run apache 2.2.9 apache 2.2.11 both with apr-1.2.11p2
apr-util-1.2.10p2
According to the CVE at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 only 0.9.x and
1.3.x are affected . Could anybody confirm that this is so? If not.. how
bad is this vulnerability to a
David Taveras wrote:
I run apache 2.2.9 apache 2.2.11 both with apr-1.2.11p2
apr-util-1.2.10p2
According to the CVE at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 only 0.9.x
and 1.3.x are affected . Could anybody confirm that this is so? If
not.. how bad is this
Hello William.
You mentioned as far as APR causing a DoS, how about the execution of
arbitrary code through apache as the CVE says..?
Thank you
Daniel
On Thu, Sep 10, 2009 at 6:54 PM, William A. Rowe, Jr.
wr...@rowe-clan.netwrote:
David Taveras wrote:
I run apache 2.2.9 apache 2.2.11
David Taveras wrote:
You mentioned as far as APR causing a DoS, how about the execution of
arbitrary code through apache as the CVE says..?
No, you misinterpreted; the application developer must expose a DoS/memory
exhaustion vector; where that exists, and the affected version of APR
is used,