On 11/29/05, syona m <syona2k@xxxxxxxxx> wrote: > I understood what you had explained but still I wanna test it to see whether > my application is impacted. I am looking for steps in which I can test > whether this vulnerability is exposed at my server. Given that you are running 1.3.29, the "vulnerability" is definitely there. Just make a request for http://yoursite.example.com/?arbitrary-escape-sequence-here and then view it in the access_log. That won't prove anything useful, of course. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|