Greetings,
A DoS vulnerability has been reported in mod_ssl in apache 2 (see
http://secunia.com/advisories/11092/).
Can anyone comment whether this vulnerability is present in mod_ssl in
apache 1.3 or is it simply that mod_ssl, prior to apache 2, is not the
responsibility of ASF?
Rgds,
Owen
Plain text please..
- What does it say in the error_log?
- are you *certain* you are using the correct PW (including case etc.)?
Create a user with pw = a just to be sure.
- 1.3.9 is an ancient version with many bugs and security holes. Is
there no chance to upgrade?
Rgds,
Owen Boyle
Whoops - just realised that this is on the dev list... Apologies to all...
To Santhi: This would be better addressed on [EMAIL PROTECTED]
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
-Original Message-
From: Boyle Owen
Sent: Mittwoch, 31
Hi all,
Speaking as an apache user (not developer) who merely lurks on this
list, is it appropriate for me to question the formatting (and hence
usefulness) of this periodic report? If so;
- Might the time-ordering be reversed to show the most recent, first? It
seems a bit odd always to find,
-Original Message-
From: Guy Hulbert [mailto:[EMAIL PROTECTED]
Sent: Monday, October 09, 2006 2:33 PM
To: dev@httpd.apache.org
Subject: Re: Bug report for Apache httpd-2 [2006/10/08]
...
IMHO that's supremely unimportant. I just delete these messages
Hmmm ... me too.
Do
-Original Message-
From: Webmaster [mailto:[EMAIL PROTECTED]
After you read the article, how could you possibly say that
it is spam?
Well, the page does try to load javascript content from 4 external
sites... Fortunately, my browser's NoScript extension blocks them all.
Why do
-Original Message-
From: Webmaster [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 24, 2007 10:16 PM
To: [EMAIL PROTECTED]; 'Rich Bowen'; dev@httpd.apache.org
Cc: 'Apache Infrastructure'
Subject: RE: [Issue] External links @ the wiki, aka pagechange wars
Hello,
I've never used
Greetings,
To-do list item #1 for this week is upgrade to 2.2.6. When I was
waiting for the tar-ball to download, it occurred to me that it isn't
blindingly obvious *when* the update was published. There's no date on
the homepage (http://httpd.apache.org/) or on the download page
-Original Message-
From: Nick Kew [mailto:[EMAIL PROTECTED]
... Personally, I feel this role belongs in the government.
Any particular government? A few years ago I'd probably have agreed.
With the most blatently corrupt government in living memory, that has
less appeal.
At
-Original Message-
From: Joe Orton [mailto:[EMAIL PROTECTED]
Sent: Montag, 6. Februar 2006 11:35
To: Oden Eriksson
Cc: dev@httpd.apache.org
Subject: Re: mod_ssl 5s delay
On Sun, Feb 05, 2006 at 05:30:17PM +0100, Oden Eriksson wrote:
For some reason I get a 5 seconds delay for
-Original Message-
From: Daniel Rogers [mailto:[EMAIL PROTECTED]
Sent: Montag, 6. März 2006 03:17
To: dev@httpd.apache.org
Subject: SSL enabled name virtual hosts
I am not convinced by the argument that name based SSL virtual hosting
is impossible.
It's not only an argument,
-Original Message-
From: David Burry [mailto:[EMAIL PROTECTED]
Sent: Montag, 6. März 2006 11:08
To: dev@httpd.apache.org
Subject: Re: SSL enabled name virtual hosts
We use a wildcard cert to overcome this situation... the technical
limitation is that all the SSL hosts have to
-Original Message-
From: Daniel Rogers [mailto:[EMAIL PROTECTED]
Sent: Montag, 6. März 2006 19:01
The end user sees only port 443. No worries about weird port numbers.
Ok - I read the post and I agree your solution doesn't rely on using a
non-standard port externally. I was
Greetings,
I think a lot of busy admins would appreciate it if the release
announcement pages had a date on them (eg
http://www.apache.org/dist/httpd/Announcement2.2.html).
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
PS - it's a bit cheeky to post this
Greetings,
Our security guy noticed this alert about a XSS vulnerability in
mod_negotiation: http://www.mindedsecurity.com/MSA01150108.html.
According to the link, it applies to apache = 2.2.6, so no worries for
2.2.8.
However, when I double-check the changelog for 2.2.8
to this message may be ignored.
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 05, 2008 11:40 AM
To: dev@httpd.apache.org
Subject: XSS vulnerability in mod_negotiation - status in 2.2.8?
Greetings,
Our security guy noticed this alert about a XSS
-Original Message-
From: Stefan Fritsch [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 12:57 PM
To: dev@httpd.apache.org
Subject: RE: XSS vulnerability in mod_negotiation - status in 2.2.8?
Hi,
On Wed, 6 Feb 2008, Boyle Owen wrote:
It is clear to me now
-Original Message-
From: Dirk-Willem van Gulik [mailto:di...@webweaving.org]
Sent: Saturday, November 07, 2009 12:28 AM
To: dev@httpd.apache.org
Subject: Re: TLS renegotiation attack, mod_ssl and OpenSSL
+1 from me. (FreeBSD, Solaris). Test with and without certs (firefox,
Greetings,
Is there anyone who can confirm that there will be no ApacheCon *Europe* in
2010? There is no news about it on the apachecon/apache sites and there have
been no announcements. Is the absence of evidence equivalent to evidence of
absence?
Rgds,
Owen Boyle
Disclaimer: Any disclaimer
19 matches
Mail list logo