Once again, thanks for the heads-up, Julian. :)
On 08/24/2011 10:08 AM, Julian Yap wrote:
Here is an article:
http://www.theregister.co.uk/2011/08/24/devastating_apache_vuln/
Try running the proof of concept here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=51714
I ran it on some CentOS 5 and 6 (running httpd-2.2.15-5.el6.centos.x86_64)
servers which reported no issues. It may be the default way that RHEL/CentOS
has the network set up or perhaps does not enable the modules required. I
suspect some distributions may be vulnerable with their default set up.
- Julian
_______________________________________________
LUAU@lists.freesoftwarehawaii.org mailing list
http://lists.freesoftwarehawaii.org/listinfo.cgi/luau-freesoftwarehawaii.org
_______________________________________________
LUAU@lists.freesoftwarehawaii.org mailing list
http://lists.freesoftwarehawaii.org/listinfo.cgi/luau-freesoftwarehawaii.org
