Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0 r00ted on NetWare, Windows, OS/2

Posted by Hemos on from the cracking-it dept.

An anonymous reader writes "A flaw in Apache 2.0's interpretation of the backslash delimiter allows for a remote r00ting on NetWare, Windows, and OS/2. InfoWorld has an overview; the attack was discoverd by PivX's Auriemma Luigi, and he describes it in this technical document. I don't know whether there is such a thing as an OS/2 shop anymore, and most Microsoft shops probably run IIS, but Apache now ships as the default web server for NetWare 6, so Novell shops: Take note. A patch is available from Apache, and Luigi describes a workaround in his article."

1 of 58 comments (clear)

  1. It'sa me! by Anonymous Coward · · Score: 0, Offtopic

    ...and Luigi describes a workaround in his article.

    Mama mia!

    Mario? MARIO!

    Someone get that man a dustbuster, there's a mansion full of ghosts he should know about!