> This does not suprise me, as I sent a number of mails over a period of time > to security@apache.org detailing the issue with the relevant HTTP request as > early as the end of April with my first response to the issue received on > the 27th May from Manoj Kasichainula. > > Whether the issue was discovered and discussed independently, or whether the > mails I sent were distributed (and possibly redistributed) the damage has > already been done. > > Regards > > Mark Litchfield > www.ngssoftware.com > > > > ----- Original Message ----- > From: "Muhammad Faisal Rauf Danka" <mfrd@attitudex.com> > To: <bugtraq@securityfocus.com> > Sent: Tuesday, June 18, 2002 9:35 PM > Subject: Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP > Server > > > > This bug has already been mentioned on the public mailing list for Apache > which is here = > > http://groups.yahoo.com/group/new-httpd/message/36545 > > > > as we can see it was on Date: Tue May 28, 2002 5:22 pm. > > > > and the bug is fixed in CVS for Apache 2.0 > > this advisory is rather in form of a uniformed and questionable advisory. > > Surely ISS will get a lot of press for that. =) > > > > oh and Apache 1.3.26 and 2.0.39 are released, These versions are both > security and bug-fix releases. > > You can download them from: > > http://www.apache.org/dist/httpd/ > > > > > > > > Regards, > > --------- > > Muhammad Faisal Rauf Danka > > > > Chief Technology Officer > > Gem Internet Services (Pvt) Ltd. > > web: www.gem.net.pk > > > > Vice President > > Pakistan Computer Emergency Responce Team (PakCERT) > > web: www.pakcert.org > > > > Chief Security Analyst > > Applied Technology Research Center (ATRC) > > web: www.atrc.net.pk > > > > _____________________________________________________________ > > --------------------------- > > [ATTITUDEX.COM] > > http://www.attitudex.com/ > > --------------------------- > > > > _____________________________________________________________ > > Promote your group and strengthen ties to your members with > email@yourgroup.org by Everyone.net http://www.everyone.net/?btn=tag > > > >
