Vulnerability: Apache HTTP Server Remote Compromise - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: Vulnerability: Apache HTTP Server Remote Compromise

  1. #11
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Well, according to the advisory on http://www.cert.org/advisories/CA-2002-17.html, it can lead to a compromise of content as well as to a denial of service condition. It also specifically mentions that UNIX versions of apache are vulnerable as well.

    Furthermore, it also mentions that the patch supplied by ISS is geared towards WIN32 Apache and will not fix the UNIX versions and that is generally a bad idea to apply the patch.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  2. #12
    Senior Member
    Join Date
    Apr 2002
    Posts
    712
    Post of the all the politics behind this are posted in this thread.

    Gotta love ISS in their quest to sell product... expecting to see an announcement at any moment, "ISS Successfully detects attempts to exploit this vulnerability and immediately shuts down the connection." (of course, they never tell you that people can use that feature in their code to successfully DoS a company stupid enough to use that "automatic feature")
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  3. #13
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Oh the ironi: AO runs both Apache and ISS's RealSecure

    Ammo
    Credit travels up, blame travels down -- The Boss

  4. #14
    Junior Member illv's Avatar
    Join Date
    Sep 2001
    Posts
    28
    apache for windows? wow... god that must suck

    illv//
    illv // seen the digital world from monochrome dial up to what it is today.

  5. #15
    Senior Member
    Join Date
    Apr 2002
    Posts
    712
    Originally posted here by illv
    apache for windows? wow... god that must suck

    illv//
    In much the same way that anything for Winblowz sucks, except for maybe things like UT and similiar. But, Apache on Winblowz sucks less than IIS on anything.
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  6. #16
    Senior Member
    Join Date
    Jul 2001
    Posts
    343
    The site www.antionline.com is running Apache/1.3.22 on Windows 2000
    According to Netcraft....

    Well don't feel to bad JP, I use W2K, W-XP Pro, and Linux version of Apache
    on a bunch of different boxes... No I do not use IIS, I may use MS OS for some
    of my servers, BUT I AM NOT NUTS!!! (I hope!)

    Now if the patch is released soon... I'll be a HAPPY Camper!!!

    NOW If they can patch the spammers, so they go away!!!
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle

  7. #17
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Hum, AO runs on Sun I believe...

    Ammo
    Credit travels up, blame travels down -- The Boss

  8. #18
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Posted on Apache.Org:

    The Apache Software Foundation has released versions 1.3.26 and 2.0.39 to address and fix this issue. These version are available for download; see below.
    Crisis solved. How long did it take M$ to fix IIS?
    /* You are not expected to understand this. */

  9. #19
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    LOL.. anyone wanna compromise AntiOnline?

  10. #20
    Senior Member
    Join Date
    Sep 2001
    Posts
    110
    Originally posted here by s0nIc
    LOL.. anyone wanna compromise AntiOnline?
    you lead the way, s0nIc, and i definitely won't follow!

    perhaps some L337 h4x0r-wannabes will try. will the intrusion attempts link show them?

    regards,
    mark.
    \'hi, welcome to *****. if you would like to speak to an operator, please hang up now.\'
    * click *

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •