Subject: Re: www/apache*
To: Ignatios Souvatzis <ignatios@theory.cs.uni-bonn.de>
From: None <itojun@iijlab.net>
List: tech-pkg
Date: 06/18/2002 22:15:49
>> 	beware - www/apache* ARE NOT SECURE YET.  we are still waiting for
>> 	apache.org to issue a new release.
>doesn't the bad part (> denial-of-service) only apply to 64 bit architectures?

	from CERT advisory, i'm not sure. (it doesn't say that 32bit arch
	are safe)

itojun


II. Impact

   For Apache versions 1.3 through 1.3.24 inclusive, this vulnerability
   may allow the execution of arbitrary code by remote attackers. Several
   sources have reported that this vulnerability can be used by intruders
   to execute arbitrary code on Windows platforms. Additionally, the
   Apache Software Foundation has reported that a similar attack may
   allow the execution of arbitrary code on 64-bit UNIX systems.

   For Apache versions 2.0 through 2.0.36 inclusive, the condition
   causing the vulnerability is correctly detected and causes the child
   process to exit. Depending on a variety of factors, including the
   threading model supported by the vulnerable system, this may lead to a
   denial-of-service attack against the Apache web server.