Apache 1.3.x proxy hole
Uwe Doering
gemini at geminix.org
Wed Jul 7 23:41:51 PDT 2004
Joe Hamelin wrote:
> Techworld is reporting that: "The bug affects Apache 1.3.x
> installations configured to act as proxy servers, which relay requests
> between a Web browser and the Internet. When a vulnerable server
> connects to a malicious site, a specially-crafted packet can be used
> to exploit the vulnerability, according to security researcher Georgi
> Guninski, who has publicly released exploit code."
>
> http://bsdnews.com/view_story.php3?story_id=4628
>
> http://www.techworld.com/opsys/news/index.cfm?newsid=1814&page=1&pagepos=2
>
> Does anyone know of a FreeBSD patch for this out yet?
The links in the respective advisories lead to GG's advisory #69. A fix
for that went into the Apache 1.3.x port (www/apache13) on June 11,
2004. So this in fact appears to be old news.
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org | http://www.escapebox.net
More information about the freebsd-isp
mailing list