LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-30-2006, 09:09 PM   #1
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Warn: Apache Mod-Rewrite vulnerability


An off-by-one vulnerability has been identified in the Apache web server (including 1.3, 2.0 and 2.2 branches). Under certain conditions a remote attacker may execute arbitrary code with priviledges of the web server user. Successful exploitation of this vulnerability requires that the ReWrite Engine be turned "on" and rewrite rules that do not use the F,G, or NE flags. Certain compilation parameters are also required and not all vendors are affected by this issue. All Apache users are recommended to check whether their version is affected (see the first link below) and upgrade to current release versions from their vendors if necessary. See the following advisories for more information.


http://www.kb.cert.org/vuls/id/395412
http://secunia.com/advisories/21197/
http://www.apache.org/dist/httpd/Announcement2.0.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
WARN: RealVNC Vulnerability Capt_Caveman Linux - Security 6 05-22-2006 09:16 PM
compile apache source rpm with mod rewrite robertngo Linux - Software 3 07-21-2005 04:44 AM
WARN PHP Vulnerability Capt_Caveman Linux - Security 0 07-04-2005 05:38 PM
WARN: Samba Vulnerability Capt_Caveman Linux - Security 0 12-17-2004 11:59 PM
apache mod rewrite Robert0380 Linux - Software 5 07-31-2003 05:42 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration