Bugtraq mailing list archives
Re: Apache mod_ssl off-by-one vulnerability
From: H D Moore <sflist () digitaloffense net>
Date: Wed, 26 Jun 2002 21:46:12 -0500
Just to confirm, the bug exists in 2.8.9 and earlier? The first part of the advisory mentions 2.4.9, so a casual reader may assume they are unaffected if they don't read all the way to the bottom... On Monday 24 June 2002 15:47, Jedi/Sector One wrote:
Product: mod_ssl - http://www.modssl.org/ Date: 06/24/2002 Summary: Off-by-one in mod_ssl 2.4.9 and earlier
[ snip ]
The mod_ssl development team was very reactive and a new version has just been released. mod_ssl 2.8.10 addresses the vulnerability and it is freely available from http://www.modssl.org/ . Upgrading from an earlier release is painless.
Current thread:
- Apache mod_ssl off-by-one vulnerability Jedi/Sector One (Jun 26)
- Re: Apache mod_ssl off-by-one vulnerability H D Moore (Jun 27)
- <Possible follow-ups>
- Re: Apache mod_ssl off-by-one vulnerability Ken . Williams (Jun 28)
- Re: Apache mod_ssl off-by-one vulnerability Jedi/Sector One (Jun 29)
- Simple Wais 1.11 allows users to execute commands as SWAIS deamon. John Thornton (Jun 29)
- Re: Apache mod_ssl off-by-one vulnerability Jedi/Sector One (Jun 29)