On Jan 9, 2008 3:05 PM, John T. Mills <[EMAIL PROTECTED]> wrote:
>
>
> I'm running 2.2.4 and I've been told I need to manually tweak mod_rewrite.c
> to fix CVE-2007-3008.  I can't find any mention of this bug in the bug list.

I love the "I've been told" stuff. Who told you this, and do they know
what they are talking about?

You won't find CVE-2007-3008 listed anywhere because it is not related
to apache. It is for the Mbedthis AppWeb:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3008

It also doesn't look to be a serious problem in the first place. The
"TRACE" method is not really a security vulnerability. It can be
turned off in apache with the
TraceEnable off
directive.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to