[wp-hackers] Apache2 Security Update

Scott Merrill skippy at skippy.net
Fri Jul 8 14:01:19 GMT 2005


Dougal Campbell wrote:
> Those of you running Apache2 should update to version 2.1.6:

2.1.6 is the unstable branch.  Don't upgrade to the unstable branch
unless you know what you're doing.

> http://www.whitedust.net/speaks/825/Apache%20Request%20Smuggling%20Vulnerability/

The actual vulnerability seems only to apply to systems running
mod_proxy, or behind proxies of some other sort.  The exploit involves
multiple systems speaking to one another, each handling Content-Length
differently.

If you're not behind a proxy, you're not vulnerable to this exploit,
from what I understand.

-- 
skippy at skippy.net | http://skippy.net/

gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49  3544 476A 7DEC 9CFA 4B35


More information about the wp-hackers mailing list