Date: Thu, 08 Jul 2004 08:41:48 +0200 From: Uwe Doering <gemini@geminix.org> To: freebsd-isp@freebsd.org Subject: Re: Apache 1.3.x proxy hole Message-ID: <40ECECAC.4070407@geminix.org> In-Reply-To: <79db6ae04070711106e9f2e35@mail.gmail.com> References: <79db6ae04070711106e9f2e35@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Hamelin wrote: > Techworld is reporting that: "The bug affects Apache 1.3.x > installations configured to act as proxy servers, which relay requests > between a Web browser and the Internet. When a vulnerable server > connects to a malicious site, a specially-crafted packet can be used > to exploit the vulnerability, according to security researcher Georgi > Guninski, who has publicly released exploit code." > > http://bsdnews.com/view_story.php3?story_id=4628 > > http://www.techworld.com/opsys/news/index.cfm?newsid=1814&page=1&pagepos=2 > > Does anyone know of a FreeBSD patch for this out yet? The links in the respective advisories lead to GG's advisory #69. A fix for that went into the Apache 1.3.x port (www/apache13) on June 11, 2004. So this in fact appears to be old news. Uwe -- Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers gemini@geminix.org | http://www.escapebox.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40ECECAC.4070407>