Re: Apache mod_ssl off-by-one vulnerability
From: H D Moore (sflist@digitaloffense.net)Date: 06/27/02
- Previous message: CSICONdotNET: "Reminder Announcement - CSICON.NET"
- In reply to: Jedi/Sector One: "Apache mod_ssl off-by-one vulnerability"
- Next in thread: Ken.Williams@ey.com: "Re: Apache mod_ssl off-by-one vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: H D Moore <sflist@digitaloffense.net> To: Jedi/Sector One <j@pureftpd.org>, bugtraq@securityfocus.com Date: Wed, 26 Jun 2002 21:46:12 -0500
Just to confirm, the bug exists in 2.8.9 and earlier? The first part of the
advisory mentions 2.4.9, so a casual reader may assume they are unaffected if
they don't read all the way to the bottom...
On Monday 24 June 2002 15:47, Jedi/Sector One wrote:
> Product: mod_ssl - http://www.modssl.org/
> Date: 06/24/2002
> Summary: Off-by-one in mod_ssl 2.4.9 and earlier
[ snip ]
> The mod_ssl development team was very reactive and a new version has just
> been released. mod_ssl 2.8.10 addresses the vulnerability and it is
> freely available from http://www.modssl.org/ . Upgrading from an earlier
> release is painless.
- Previous message: CSICONdotNET: "Reminder Announcement - CSICON.NET"
- In reply to: Jedi/Sector One: "Apache mod_ssl off-by-one vulnerability"
- Next in thread: Ken.Williams@ey.com: "Re: Apache mod_ssl off-by-one vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
