Slashdot Mirror


SecurityFocus Updates 2 Apache Vulnerabilities

michael path writes "SecurityFocus released two updated Apache vulnerabilities, one affecting 2.0.x (a DOS vulnerability), the other affecting both the 1.3.x and 2.0.x revisions (a buffer overflow). IBM HTTP Server is also affected by these vulnerabilities in similar version numbers."

2 of 15 comments (clear)

  1. phew by roll_w.it · · Score: 5, Informative

    from my logs [Mon Apr 12 16:29:53 2004] [error] [client 64.229.154.62] request failed: URI too long

    from the article
    not vulnerable Apache Software Foundation
    Apache 1.3.29
    Apache Software Foundation Apache 2.0.48
    + Trustix Secure Linux 2.0
    + Trustix Secure Linux 2.1

    From my machine $ httpd -v
    Server version: Apache/1.3.29 (Unix)
    Server built: Nov 3 2003 19:54:39

  2. Old news by slive · · Score: 5, Informative

    These are both rather old.

    If you want more complete information about
    apache security issues, a better source is
    http://www.apacheweek.com/features/security-20
    and
    http://www.apacheweek.com/features/security -13