Printable View
Well, according to the advisory on http://www.cert.org/advisories/CA-2002-17.html, it can lead to a compromise of content as well as to a denial of service condition. It also specifically mentions that UNIX versions of apache are vulnerable as well.
Furthermore, it also mentions that the patch supplied by ISS is geared towards WIN32 Apache and will not fix the UNIX versions and that is generally a bad idea to apply the patch.
Post of the all the politics behind this are posted in this thread.
Gotta love ISS in their quest to sell product... expecting to see an announcement at any moment, "ISS Successfully detects attempts to exploit this vulnerability and immediately shuts down the connection." (of course, they never tell you that people can use that feature in their code to successfully DoS a company stupid enough to use that "automatic feature")
Oh the ironi: AO runs both Apache and ISS's RealSecure ;)
Ammo
apache for windows? wow... god that must suck :)
illv//
In much the same way that anything for Winblowz sucks, except for maybe things like UT and similiar. But, Apache on Winblowz sucks less than IIS on anything.Quote:
The site www.antionline.com is running Apache/1.3.22 on Windows 2000
According to Netcraft....
Well don't feel to bad JP, I use W2K, W-XP Pro, and Linux version of Apache
on a bunch of different boxes... No I do not use IIS, I may use MS OS for some
of my servers, BUT I AM NOT NUTS!!! (I hope!)
Now if the patch is released soon... I'll be a HAPPY Camper!!!
NOW If they can patch the spammers, so they go away!!!
Hum, AO runs on Sun I believe...
Ammo
Posted on Apache.Org:
Crisis solved. How long did it take M$ to fix IIS? :DQuote:
The Apache Software Foundation has released versions 1.3.26 and 2.0.39 to address and fix this issue. These version are available for download; see below.
LOL.. anyone wanna compromise AntiOnline?
you lead the way, s0nIc, and i definitely won't follow!Quote:
perhaps some L337 h4x0r-wannabes will try. will the intrusion attempts link show them?
regards,
mark.