Hi guys,
Please see through this post and intimate your friends/others
working with the tools mentioned below with Apache.
Thanks
Arup Bhanja
http://www.PartyInternational.com
Engage, Indulge, Enjoy!
Marc Slemko wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> As you may already be aware, today CERT released an advisory about
> a security vulnerability that has been discovered associated with
> malicious HTML tags (especially scripting tags) being embedded in
> client web requests. The common name currently associated with this
> problem is "Cross Site Scripting", even though this name is not entirely
> accurate in its description of the problem.
>
> Please review the CERT advisory available at:
>
> http://www.cert.org/advisories/CA-2000-02.html
>
> for more details. Pay particular attention to their Tech Tip for
> Web Developers, available at:
>
> http://www.cert.org/tech_tips/malicious_code_mitigation.html
>
> There are a number of ways in which this issue impacts Apache itself,
> and many more ways in which it impacts sites developed using related
> technologies such as Apache modules, CGI scripts, mod_perl, PHP, etc.
> that runs on top of Apache. We have put together some information
> about this and it is available at:
>
> http://www.apache.org/info/css-security/
>
> Please visit this page for more information if you think this
> problem impacts your site or if you don't understand if the problem
> impacts your site. Included on this page are patches to Apache to
> fix a number of related bugs and to add a number of features that
> may be helpful in defending against this type of attack. We expect to
> release a new version of Apache in the immediate future that includes
> these patches, but do not yet have an exact timeline planned for this
> release.
>
> Please note that this issue does not in any way compromise the security
> of your server directly. All the issues related to this involve tricking
> a client into doing something that is not what the user intends.
>
> We expect to update our pages with more information in the future,
> as more of the details of and consequences of this issue are
> discovered.
>
> - --
> Marc Slemko | Apache Software Foundation member
> [EMAIL PROTECTED] | [EMAIL PROTECTED]
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.0i for non-commercial use
> Charset: noconv
>
> iQCVAwUBOJiD51Qv/g4Arev1AQFp+AP+PYknXFPhcFExJvrZ2OdXhR43w2Fwuhgp
> UzhJFj8WLnpuaXNipQnE5/lVxNu2s7X6hshPP9GpDUkhU8u0WMXcJqydI4+/1OEV
> O2yRhVeIMwhE8k38SDxIiJJ+DsPQJ5p/Rfi8tZRh4GneSU5JBhY3d5hkumfsPocs
> NZYgV5YnhRs=
> =fSkT
> -----END PGP SIGNATURE-----
--
To unsubscribe, send mail to [EMAIL PROTECTED] with the body
"unsubscribe ilug-cal" and an empty subject line.
FAQ: http://www.ilug-cal.org/help/faq_list.html
