> -----Original Message----- > From: Joe Orton [mailto:[email protected]] > Sent: Montag, 5. September 2011 15:21 > To: [email protected] > Cc: [email protected] > Subject: Re: CVE-2003-1418 - still affects apache 2 current > > On Thu, Sep 01, 2011 at 06:27:35PM +0200, "Plüm, Rüdiger, > VF-Group" wrote: > > Can't find the discussion either, but I remember that it > was not seen > > as a security issue. For those still concerned about this, > the advice > > was as you said "FileETag -INode". So IMHO no need for a patch here > > except for documentation and default config > > Ah - I found the discussion, it was on security@. > > Tomas (CC'ed) pointed out that CVE-2003-1418 also covers the > fact that > the byterange filter leaks pids. I don't think that is worth > treating > as a vulnerability, either; but I changed it in r1165268 > anyway - that > is still leaking some MPM-specific data, but it doesn't seem > worth going > to any more effort. > > => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418 > > Is there consensus to treat the issues described there as not being > security-sensitive? If so we can probably put tihs on the > vulnerability > list is as a not-a-bug as an "official statement". >
+1 Regards Rüdiger
