Greetings,
A DoS vulnerability has been reported in mod_ssl in apache 2 (see
http://secunia.com/advisories/11092/).
Can anyone comment whether this vulnerability is present in mod_ssl in
apache 1.3 or is it simply that mod_ssl, prior to apache 2, is not the
responsibility of ASF?
Rgds,
Owen Boyl
Plain text please..
- What does it say in the error_log?
- are you *certain* you are using the correct PW (including case etc.)?
Create a user with pw = "a" just to be sure.
- 1.3.9 is an ancient version with many bugs and security holes. Is
there no chance to upgrade?
Rgds,
Owen Boyle
Discla
Whoops - just realised that this is on the "dev" list... Apologies to all...
To Santhi: This would be better addressed on [EMAIL PROTECTED]
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
> -Original Message-
> From: Boyle Owen
>
Greetings,
I think a lot of busy admins would appreciate it if the release
announcement pages had a date on them (eg
http://www.apache.org/dist/httpd/Announcement2.2.html).
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
PS - it's a bit cheeky to post this
Hi all,
Speaking as an apache user (not developer) who merely lurks on this
list, is it appropriate for me to question the formatting (and hence
usefulness) of this periodic report? If so;
- Might the time-ordering be reversed to show the most recent, first? It
seems a bit odd always to find, ri
> -Original Message-
> From: Guy Hulbert [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 09, 2006 2:33 PM
> To: dev@httpd.apache.org
> Subject: Re: Bug report for Apache httpd-2 [2006/10/08]
>
> ...
> >
> > IMHO that's supremely unimportant. I just delete these messages
>
> Hmmm ...
> -Original Message-
> From: Webmaster [mailto:[EMAIL PROTECTED]
>
> After you read the article, how could you possibly say that
> it is spam?
Well, the page does try to load javascript content from 4 external
sites... Fortunately, my browser's NoScript extension blocks them all.
Why d
> -Original Message-
> From: Webmaster [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 24, 2007 10:16 PM
> To: [EMAIL PROTECTED]; 'Rich Bowen'; dev@httpd.apache.org
> Cc: 'Apache Infrastructure'
> Subject: RE: [Issue] External links @ the wiki, aka pagechange wars
>
> Hello,
>
> I've n
> -Original Message-
> From: Nick Kew [mailto:[EMAIL PROTECTED]
>
> > ... Personally, I feel this role belongs in the government.
>
> Any particular government? A few years ago I'd probably have agreed.
> With the most blatently corrupt government in living memory, that has
> less appeal
> -Original Message-
> From: Joe Orton [mailto:[EMAIL PROTECTED]
> Sent: Montag, 6. Februar 2006 11:35
> To: Oden Eriksson
> Cc: dev@httpd.apache.org
> Subject: Re: mod_ssl 5s delay
>
> On Sun, Feb 05, 2006 at 05:30:17PM +0100, Oden Eriksson wrote:
> > For some reason I get a 5 seconds de
> -Original Message-
> From: Daniel Rogers [mailto:[EMAIL PROTECTED]
> Sent: Montag, 6. März 2006 03:17
> To: dev@httpd.apache.org
> Subject: SSL enabled name virtual hosts
>
>
> I am not convinced by the argument that name based SSL virtual hosting
> is impossible.
It's not only an arg
> -Original Message-
> From: David Burry [mailto:[EMAIL PROTECTED]
> Sent: Montag, 6. März 2006 11:08
> To: dev@httpd.apache.org
> Subject: Re: SSL enabled name virtual hosts
> >
> We use a "wildcard cert" to overcome this situation... the technical
> limitation is that all the SSL "ho
> -Original Message-
> From: Daniel Rogers [mailto:[EMAIL PROTECTED]
> Sent: Montag, 6. März 2006 19:01
>
>
> The end user sees only port 443. No worries about weird port numbers.
Ok - I read the post and I agree your solution doesn't rely on using a
non-standard port externally. I wa
Greetings,
To-do list item #1 for this week is "upgrade to 2.2.6". When I was
waiting for the tar-ball to download, it occurred to me that it isn't
blindingly obvious *when* the update was published. There's no date on
the homepage (http://httpd.apache.org/) or on the download page
(http://httpd.a
Greetings,
Our security guy noticed this alert about a XSS vulnerability in
mod_negotiation: http://www.mindedsecurity.com/MSA01150108.html.
According to the link, it applies to apache <= 2.2.6, so no worries for
2.2.8.
However, when I double-check the changelog for 2.2.8
(http://www.apache.org/d
mer attached to this message may be ignored.
> -Original Message-
> From: Boyle Owen [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 05, 2008 11:40 AM
> To: dev@httpd.apache.org
> Subject: XSS vulnerability in mod_negotiation - status in 2.2.8?
>
> Greetings,
>
> -Original Message-
> From: Stefan Fritsch [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 06, 2008 12:57 PM
> To: dev@httpd.apache.org
> Subject: RE: XSS vulnerability in mod_negotiation - status in 2.2.8?
>
> Hi,
>
> On Wed, 6 Feb 2008, Boyle Owen w
> -Original Message-
> From: Dirk-Willem van Gulik [mailto:di...@webweaving.org]
> Sent: Saturday, November 07, 2009 12:28 AM
> To: dev@httpd.apache.org
> Subject: Re: TLS renegotiation attack, mod_ssl and OpenSSL
>
> +1 from me. (FreeBSD, Solaris). Test with and without certs (firefox,
Greetings,
Is there anyone who can confirm that there will be no ApacheCon *Europe* in
2010? There is no news about it on the apachecon/apache sites and there have
been no announcements. Is the absence of evidence equivalent to evidence of
absence?
Rgds,
Owen Boyle
Disclaimer: Any disclaimer a
19 matches
Mail list logo