Thread: Apache 1.3.26

  1. #1

    Apache 1.3.26

    if your cpu is invaded logout

    I'm currently running Apache 1.3.26 and was thinking of using it as a web server.

    Is there any weakness in it, or should I upgrade?

  2. #2
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    Hmm... something strikes me as odd about this: you are currently running Apache 1.3.26 and you are just now thinking of running it as a web server? If you aren't using a service you should turn it off; the more things you are running, the more potential ways in for someone else. I have a few misgivings about this, but here is the answer:

    It is usually good to check the vendor's web site to find information like this, so:
    www.apache.org

    A good place to look for vendor version/vuln lists is www.securityfocus.com; look around for Apache. It is very good about discussing the nature of problems and what can be done to fix them.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Thanks for that advice.

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    The latest release (of httpd) from the Apache group is 1.3.27, but some vendors/distros are not there yet.

    1.3.27 is supposed to fix security flaws, but I'm uncertain of the implications of the fixes: I'm thinking of OpenBSD, which doesn't even address what's referred to in the 1.3.27 fix... Is it that the flaws fixed in 1.3.27 are platform dependent and OpenBSD isn't vulnerable? Does anybody have info about that?

    Ammo
    Credit travels up, blame travels down -- The Boss

  5. #5
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    There are many possibilities; it would require reading the discussion a little bit, but here goes for everything prior to 1.3.27 for this month for strictly Apache (not modssl, apachessl, tomcat, etc.). As with most vulns, it depends on platform:

    http://online.securityfocus.com/bid/5996
    http://online.securityfocus.com/bid/5995
    http://online.securityfocus.com/bid/5847
    http://online.securityfocus.com/bid/5884 <-- seems to affect most vendors

    The new version more than likely addresses these problems.

    http://httpd.apache.org/

    Also explicitly lists several CANs that are addressed as well.

    Happy reading,

    /nebulus

    EDIT: CVE --> CAN