Re: Apache 1.3.x proxy hole
From: Uwe Doering (gemini_at_geminix.org)
Date: 07/08/04
- Previous message: Joe Hamelin: "Apache 1.3.x proxy hole"
- In reply to: Joe Hamelin: "Apache 1.3.x proxy hole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 08 Jul 2004 08:41:48 +0200 To: freebsd-isp@freebsd.org
Joe Hamelin wrote:
> Techworld is reporting that: "The bug affects Apache 1.3.x
> installations configured to act as proxy servers, which relay requests
> between a Web browser and the Internet. When a vulnerable server
> connects to a malicious site, a specially-crafted packet can be used
> to exploit the vulnerability, according to security researcher Georgi
> Guninski, who has publicly released exploit code."
>
> http://bsdnews.com/view_story.php3?story_id=4628
>
> http://www.techworld.com/opsys/news/index.cfm?newsid=1814&page=1&pagepos=2
>
> Does anyone know of a FreeBSD patch for this out yet?
The links in the respective advisories lead to GG's advisory #69. A fix
for that went into the Apache 1.3.x port (www/apache13) on June 11,
2004. So this in fact appears to be old news.
Uwe
-- Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers gemini@geminix.org | http://www.escapebox.net _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Joe Hamelin: "Apache 1.3.x proxy hole"
- In reply to: Joe Hamelin: "Apache 1.3.x proxy hole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
