tags 524474 - security
severity 524474 important
thanks
On Sunday 03 May 2009, John Lightsey wrote:
> This shouldn't be tagged as a grave security issue. The symlink
> tests in Apache are trivial to overcome with timing attacks and the
> Apache documentation explicitly states that the symlink tes
This shouldn't be tagged as a grave security issue. The symlink tests
in Apache are trivial to overcome with timing attacks and the Apache
documentation explicitly states that the symlink tests should not be
considered a security restriction.
http://httpd.apache.org/docs/2.2/mod/core.html#options
2 matches
Mail list logo