On Fri, Mar 24, 2006 at 05:51:04PM +0100, kcope wrote: > Hello, > > mod_ssl: > /httpd-2.0.48/modules/ssl/ssl_engine_kernel.c (also in 2.0.55) > proto: > ap_log_error(constchar*file,intline,intlevel,apr_status_tstatus,constserver_rec*s,constchar*fmt,...) > > > code: ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, buff); > is this exploitable?
Not considered exploitable by the Apache team. http://issues.apache.org/bugzilla/show_bug.cgi?id=30585 Ciao, Marcus _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
