On 9/1/2011 10:23 AM, Marcus Meissner wrote: > On Thu, Sep 01, 2011 at 05:17:16PM +0200, Reindl Harald wrote: > .. >> mtime -> well, is directly in the header -> Last-Modified >> size -> well, directly in the header -> Content-Length >> inode -> well, where is there any security implication? > I could not directly think of one. > > The reason is just that there is a CVE entry that checkers check for > and every user of those checkers asks back from their vendors. > > A statement from Apache project that its not seen as security issue is > probably sufficient. > > Ciao, Marcus
This is a sane response to the "problem". I've been asking why this is a vulnerability for years and have yet to receive an answer... Maybe I haven't asked the right people. -- -- Daniel Ruggeri
