Re: Apache 1.3.7 (RH73) question wrt CVEs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



David Eisenstein wrote:
On Thu, 11 May 2006, Jim Popovitch wrote:

In another arena I saw a list of CVEs against Apache 1.3.7. RH73 ships with Apache 1.3.7-9 so I thought I would query BZ and see what I could find of these. (I am a BZ newbie when it comes to queries).

CVE-2002-1233 Apache HTTP Server htpasswd and htdigest Multiple Vulnerabilities

CVE-2004-0748, CVE-2004-0751 Apache HTTP Server mod_ssl Denial of Service

CVE-2003-0083, CVE-2003-0020 Linux/Unix: Apache Escape Sequence Vulnerabilities

CVE-2003-0993 Apache mod_access Security Bypass

CVE-2004-0700 Apache mod_ssl Format String Vulnerability


Unfortunately I couldn't find any of those in the Comments under Apache for Fedora Legacy Redhat 7.3. I can't believe that all of those aren't addressed, so lack of query results suggests to me that I am missing something. Some of those CVE/CANs are several years old, but wouldn't the still be in BZ comments somewhere?

It appears that Red Hat Linux 7.3 shipped with apache-1.3.23-11...  I
don't know what shipped with apache-1.3.7 ...  From Fedora Legacy's
archives, RHL 7.3's apache was shipped on 16-Apr-2002.

The latest update for Red Hat 7.3's apache appears to have been released by the Fedora Legacy project on 18-Feb-2006 and is apache-1.3.27-9.legacy.

Thank you David for the insight as well as the ground work on going through all of those. It wasn't my intention to have you or someone else do that, but I do appreciate your doing so. Apologies for specifying apache-1.3.7, that was a copy/paste error, I meant apache-1.3.27.

Again, Thank you for digging through all of that.

-Jim P.




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux