From owner-freebsd-security  Thu Nov 26 08:19:02 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA11119
          for freebsd-security-outgoing; Thu, 26 Nov 1998 08:19:02 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gilberto.physik.RWTH-Aachen.DE (gilberto.physik.rwth-aachen.de [137.226.30.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA11114
          for <freebsd-security@freebsd.org>; Thu, 26 Nov 1998 08:19:00 -0800 (PST)
          (envelope-from kuku@gilberto.physik.RWTH-Aachen.DE)
Received: (from kuku@localhost)
	by gilberto.physik.RWTH-Aachen.DE (8.8.8/8.8.7) id RAA25745
	for freebsd-security@freebsd.org; Thu, 26 Nov 1998 17:19:08 +0100 (MET)
	(envelope-from kuku)
Date: Thu, 26 Nov 1998 17:19:08 +0100 (MET)
From: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
Message-Id: <199811261619.RAA25745@gilberto.physik.RWTH-Aachen.DE>
To: freebsd-security@FreeBSD.ORG
Subject: cgi-bin/phf* security hole in apache
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Could someone explain the effect of the 'phf*' security hole
(severeness) in earlier apache versions? I detected someone
having tried to test it against my httpd on several machines
(net wide scan).

-- 
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
http://blues.physik.rwth-aachen.de/hammond.html

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message