Hosting Provided By

Bug#453783: apache2: CVE-2007-4465

From: Paul Szabo <psz(at)maths.usyd.edu.au>
Date: Sat Dec 01 2007 - 03:35:45 EST

Package: apache2
Severity: grave
Justification: user security hole

Seems to me that Debian (sarge or etch or even sid) apache packages are not yet patched against

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465

Seems to me that the obvious workarounds of turning Indexes off or having an index.html everywhere, protects just fine; and wonder why Apache does not say so.

Cheers,

Paul Szabo psz(at)maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia

System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-spm1.11 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

--

To UNSUBSCRIBE, email to debian-apache-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Received on Sat Dec 1 04:09:26 2007

This message: [ Message body ]
Next message: Debian Bug Tracking System: "Processed: Re: Bug#453783: apache2: CVE-2007-4465"
Previous message: Benoit Plessis: "Bug#453630: apache2: Major host parsing error in <Proxy balancer:/..> section"
Next in thread: Stefan Fritsch: "Bug#453783: apache2: CVE-2007-4465"
Reply: Stefan Fritsch: "Bug#453783: apache2: CVE-2007-4465"
Reply: Debian Bug Tracking System: "Bug#453783: marked as done (apache2: CVE-2007-4465)"
Reply: Debian Bug Tracking System: "Bug#453783: marked as done (apache2: CVE-2007-4465)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 02:59:05 EDT

Do you need help?