+On Thursday 04 July 2002 10:56 am, Rick wrote: +> Hi, +> Though i have applied the patch for apache2 +> it still shows as +> +> [root init.d]# httpd -v +> Server version: Apache/1.3.20 Sun Cobalt (Unix) +> Server built: Jun 20 2002 19:23:53 +> + +Yes, but look at the DATE + +-- +Gerald Waugh
The date is also correct: On a patched Raq4: Server version: Apache/1.3.20 Sun Cobalt (Unix) Server built: Jun 20 2002 19:23:53 Pre-patch: Server version: Apache/1.3.20 Sun Cobalt (Unix) Server built: Jul 23 2001 14:55:10 First announcement to BugTraq of Apache bug: June 17 2002 (see below) -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Advisory June 17, 2002 Remote Compromise Vulnerability in Apache HTTP Server Synopsis: ISS X-Force has discovered a serious vulnerability in the default version of Apache HTTP Server. Apache is the most popular Web server and is used on over half of all Web servers on the Internet. It may be possible for remote attackers to exploit this vulnerability to compromise Apache Web servers. Successful exploitation may lead to modified Web content, denial of service, or further compromise. <snip>- _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
