October 11, 2000

Security update to Apache

Author: JT Smith

LWN.net has an advisory: "There are two vulnerabilities in the Apache web server as shipped
with Conectiva Linux.

1) Under certain configurations, the mod_rewrite module could be used
to access any file on the server, provided that filesystem access
rights permitted that. Now the mod_rewrite module makes a one-pass
expansion and is no longer vulnerable to this.

2) The other vulnerability is regarding the handling of Host: headers
in mass virtual hosting configurations. The check for dot (".")
characters in that header was not complete and could permit access to
a parent directory."
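
The second item comes down to a Host: value being joined to a filesystem path before it has been fully validated. The following is an added example, not code from Apache or from the advisory: a hypothetical helper `vhost_docroot` and a constructed base directory show one strict way to validate the header so that no empty or dot-only path component can reach the document-root lookup.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Apache code): map a Host: header value to
 * <base>/<hostname> for mass virtual hosting.
 * Returns 0 and fills out on success, -1 if the header is rejected. */
int vhost_docroot(const char *host, const char *base, char *out, size_t outlen)
{
    char name[256];
    size_t n = 0;
    char prev = '.';               /* treats a leading dot as an empty label */

    if (host == NULL || base == NULL || out == NULL)
        return -1;

    /* The port suffix, if any, is ignored: stop at the first ':'. */
    for (const char *p = host; *p != '\0' && *p != ':'; p++) {
        unsigned char c = (unsigned char)*p;
        /* Allow only hostname characters; this excludes '/', '\\', '%',
         * whitespace and control bytes. */
        if (!(isalnum(c) || c == '-' || c == '.'))
            return -1;
        /* An empty label (leading dot or "..") would become a
         * parent-directory component once joined to the base path. */
        if (c == '.' && prev == '.')
            return -1;
        if (n + 1 >= sizeof(name))
            return -1;
        name[n++] = (char)tolower(c);
        prev = (char)c;
    }
    /* Drop a single trailing dot (fully qualified form). */
    if (n > 0 && name[n - 1] == '.')
        n--;
    if (n == 0)
        return -1;
    name[n] = '\0';

    /* Reject rather than truncate if the result does not fit. */
    int w = snprintf(out, outlen, "%s/%s", base, name);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}
```

Rejected requests should receive an error response rather than fall through to a default document root, and the rejection is worth logging because a malformed Host: header is rarely accidental.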


