I got this in my e-Week news. If you're running Apache with WiTango (or otherwise), you should take a close look at this.
Guarding the E-Gates ========================================================= Timothy Dyck: A Bad, Bad Situation for Apache Sites On Saturday, Gobbles Security posted a second exploit for Apache HTTP Server chunked encoding vulnerability. As in the first exploit, the source code for apache-nosejob states that over a two-month research period, Gobbles Security discovered how to use the attack against not just BSD operating systems, but also against Solaris 6 through Solaris 8 on both SPARC and i386 chips and Linux 2.4 on i386. Gobbles also says it will release further exploit details this week. Given these statements and the widespread availability of existing exploit code, it's critical that all organizations using Apache upgrade as soon as possible to fixed versions of the Web server. http://eletters1.ziffdavis.com/cgi-bin10/flo?y=eQrH0BgoT50E4J0oLB0AJ ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
