Привет
Вот случайно наткнулся ... самое интересное что об этом вроде никто
громко не говорил ... или это я почту почту после отпуска невнимательно читал :-)
> Apache 1.3.20 - 1.3.22 Major changes
>
> Security vulnerabilities
>
> * A vulnerability was found in the Win32 port of Apache 1.3.20. A
> client submitting a very long URI could cause a directory listing
> to be returned rather than the default index page. A 403 Forbidden
> will now be returned. CAN-2001-0729
> * A vulnerability was found in the split-logfile support program. A
> request with a specially crafted Host: header could allow any file
> with a .log extension on the system to be written to. PR#7848
> CAN-2001-0730
> * A vulnerability was found when Multiviews are used to negotiate
> the directory index. In some configurations, requesting a URI with
> a QUERY_STRING of M=D could return a directory listing rather than
> the expected index page. CAN-2001-0731
>
> The security issues above have been assigned standardized names, CAN-
> by the Common Vulnerabilities and Exposures project (cve.mitre.org)
--
Dimitry
=============================================================================
= Apache-Talk@xxxxxxxxxxxxx mailing list =
Mail "unsubscribe apache-talk" to majordomo@xxxxxxxxxxxxx if you want to quit.
= Archive avaliable at http://www.lexa.ru/apache-talk =
"Russian Apache" includes software developed
by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/) See
Apache LICENSE.
Copyright (C) 1995-2001 The Apache Group. All rights reserved.
Copyright (C) 1996 Dm. Kryukov; Copyright (C)
1997-2009 . Design (C) 1998 Max Smolev.
