June 18, 2002

Apache admins screwed by premature vuln report

"There's a controversy brewing over the announcement of a new Apache
vulnerability similar to the chunked encoding flaws in Microsoft IIS...

On Monday, Internet Security Systems (ISS) posted their discovery to the BugTraq
mailing list, without knowing the full extent of the flaw, and without giving
Apache.org time to investigate and develop a patch or even propose a workaround." More at The Register.


  • Security
Click Here!