Security warning too quick for comfort?
Network protection company Internet Security Systems published a security advisory for Apache, the Internet's most popular Web server, and gave the Apache Foundation, which created the software, less than two hours to respond.
Considering the potential seriousness of the issue, the company's public announcement of the problem without first talking to the Apache developers wasn't responsible, said Mark Cox, a founding member of the Apache Foundation.
[ Read more ]
- Article: Apache Chunk Handling Roundup (18 June 2002)
- Advisory: Apache Web Server Chunk Handling Vulnerability (18 June 2002)
- Vulnerability: Apache httpd: Vulnerability With Chunked Encoding (18 June 2002)
- Vulnerability: Remote Compromise Vulnerability in Apache HTTP Server (18 June 2002)