On Mon, Apr 21, 2008 at 1:02 PM, Mark A Christofferson <mchris3@xxxxxxx> wrote: > I am currently running the Apache 2.2.8 port on the FreeBSD 6.3 platform > with mod_ssl enabled. I received the following vulnerability scan results > from my organization: > > > > Vulnerability: mod_ssl Off-By-One HTAccess Buffer Overflow Vulnerability > > Risk Level: > > Signature Group: Safe > > Description: The remote host is using a version of mod_ssl which is older > than 2.8.10. This version is vulnerable The mod_ssl in apache httpd 2.x is not the same as the one used in 1.3 (although the former was originally based on the latter). The bug in question never existed in 2.x. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|