httpd security patch

Kevin 'Kev' Hughes (kevinh)
Mon, 28 Mar 94 09:28:59 PST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Lou Montulli: "Re: heretical suggestion"
Previous message: Denys Duchier: "Re: A Truly Heretical Suggestion"

> A vulnerability has been identified with NCSA httpd 1.1's access
> control. The impact of this is that if you have files which are
> protected by httpd's access control via the global ACF access.conf,
> the protection can be circumvented and access can be gained to the
> files regardless of the client's DNS hostname, host IP address, or
> HTTP user name.

Just so everyone knows, EIT's server and the CommerceNet server
have been patched.

-- Kev

Next message: Lou Montulli: "Re: heretical suggestion"
Previous message: Denys Duchier: "Re: A Truly Heretical Suggestion"