Apache Chunk Handling Roundup
by Berislav Kucan - revised on 20 June 2002


Robert Lemos - rob.lemos(a)cnet.com article on CNET

Chris Rouland, director of ISS's research and development team, known as X-Force, maintains that the company did the right thing when it released an advisory on the issue and included a patch as well. "We are competing with the 10 million hackers out there, who are trying to break in to Web servers," he said. "The hackers were the real ones that were ticked off that we released the advisory. That's one less exploit that they could use."

Read this article on CNET (http://www.cnet.com/investor/news/newsitem/0-9900-1028-20051547-0.html).


3) Solutions and patches

ISS X-Force has developed a patch for the "Remote Compromise Vulnerability in Apache HTTP Server" issue. The patch is available from the ISS advisory located at the top of this paper.

(Please note that the patch provided by ISS does not correct the vulnerability found by NGSSoftware.)



CERT advice: The Apache Software Foundation has released two new versions of Apache that correct this vulnerability. System administrators can prevent the vulnerability from being exploited by upgrading to Apache version 1.3.25 or 2.0.39. The new versions of Apache will be available from their web site at http://httpd.apache.org/

Update: Version 1.3.26 is available to download as of 19.06.2002.

Update: A new version of mod_ssl has been released and is available at the following address:
http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz

4) Vendor security advisories

Vendor: SGI
Vulnerable: SGI is currently investigating this security issue
Advisory: http://www.net-security.org/advisory.php?id=776



Vendor: Debian
Vulnerable: Debian GNU/Linux 2.2
Advisory: http://www.net-security.org/advisory.php?id=778



Vendor: Debian
Vulnerable: Debian GNU/Linux 2.2 - revised advisory
Advisory: http://www.net-security.org/advisory.php?id=783



Vendor: Debian
Vulnerable: Debian GNU/Linux 2.2 - (apache-ssl advisory)
Advisory: http://www.net-security.org/advisory.php?id=784



Vendor: EnGarde Linux
Vulnerable: EnGarde Secure Linux
Advisory: http://www.net-security.org/advisory.php?id=779



Vendor: SuSE
Vulnerable: SuSE Linux 6.4-8.0, SuSE Linux Database Server, SuSE eMail Server III and SuSE Linux Enterprise Server
Advisory: http://www.net-security.org/advisory.php?id=780



Vendor: Conectiva
Vulnerable: Conectiva Linux 6.0-8
Advisory: http://www.net-security.org/advisory.php?id=781
