Rob McCool (
Fri, 25 Mar 1994 10:02:46 --100

A vulnerability has been identified with NCSA httpd 1.1's access
control. The impact of this is that if you have files which are
protected by httpd's access control via the global ACF access.conf,
the protection can be circumvented and access can be gained to the
files regardless of the client's DNS hostname, host IP address, or
HTTP user name.

Any users of NCSA httpd 1.1 should pick up a patch from and
recompile httpd immediately. The distribution binaries and .tar files
have also been updated so that binary users can install a new copy of
the httpd binary and have the patch installed.

Thanks for your patience.


Rob McCool,
Software Development Group, National Center for Supercomputing Applications
It was working ten minutes ago, I swear...
<A HREF="">A must see.</A>