[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[VulnWatch] UNIRAS ALERT - 34/04 - Vulnerability Issues with Apache 2.0.x

To: vulnwatch@xxxxxxxxxxxxx
Subject: [VulnWatch] UNIRAS ALERT - 34/04 - Vulnerability Issues with Apache 2.0.x
From: "Richie B." <richie@xxxxxxxxxxxxxxxx>
Date: Wed, 15 Sep 2004 17:32:52 +0200

I did not see this here yet.

1. Through the testing of Apache by using the Codenomicon HTTP Test Tool, the ASF Security Team have discovered a bug in the apr-util library, which can lead to arbitrary code execution.

2. SITIC have discovered that Apache suffers from a buffer overflow when expanding environment variables in configuration files such as .htaccess and httpd.conf, leading to possible privilege escalation.

http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-3404.txt

Prev by Date: [VulnWatch] Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue
Next by Date: [VulnWatch] myServer 0.7 Directory Traversal Vulnerability
Previous by thread: [VulnWatch] Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue
Next by thread: [VulnWatch] myServer 0.7 Directory Traversal Vulnerability
Index(es):
- Date
- Thread