Posted to users@httpd.apache.org by Bu...@koc.net on 2003/06/04 15:36:28 UTC

[users@httpd] Apache Security

Hello,

I want to ask something about Apache security.

When we scanned Apache web servers with ISS, we found the Http_Trace vulnerability. Details were given at http://www.kb.cert.org/vuls/id/867593.
When I applied that solution for this vulnerability, it worked for 2 systems. But it didn't work on other servers with the same configuration.

Any suggestions regarding this problem?

Regards, 
Burçin OLGAC
 
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Apache Security

Posted by Joshua Slive <jo...@slive.ca>.
On Wed, 4 Jun 2003 BurcinO@koc.net wrote:

> Hello,
>
> I want to ask something about Apache security.
>
> When we scanned Apache web servers with ISS, we found the Http_Trace vulnerability. Details were given at http://www.kb.cert.org/vuls/id/867593.
> When I applied that solution for this vulnerability, it worked for 2 systems. But it didn't work on other servers with the same configuration.
>
> Any suggestions regarding this problem?

This is not a real vulnerability.  Read the extended bugtraq discussion on
HTTP TRACE from a while back for the details.  So I would just ignore it.

If you really want to restrict TRACE, then you'll need to give us more
details on exactly what you tried and how you know it isn't working.

Joshua.
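
One way to gather the "how you know it isn't working" evidence requested above, as an added example that is not part of the original thread: send a single TRACE request to each server and record whether the request is echoed back. The `X-Trace-Check` header and the two local handler classes are constructed stand-ins so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def check_trace(host, port, timeout=5):
    """Send one TRACE request; report status and whether it was echoed back."""
    marker = "trace-check-1"  # constructed value to look for in the echoed body
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1", "replace")
        ctype = resp.getheader("Content-Type", "")
    finally:
        conn.close()
    # TRACE is only "on" if the server returns 200 and reflects our header.
    echoed = resp.status == 200 and marker in body
    return {"status": resp.status, "content_type": ctype, "trace_enabled": echoed}

class EchoTrace(BaseHTTPRequestHandler):
    """Constructed stand-in for a server that still answers TRACE."""
    def do_TRACE(self):
        body = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # keep the demo output quiet

class NoTrace(BaseHTTPRequestHandler):
    """Constructed stand-in for a server where TRACE is refused."""
    def do_TRACE(self):
        self.send_error(405)
    def log_message(self, *args):
        pass

def serve(handler):
    """Start a throwaway local server on a free port for the demo."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    for name, handler in (("echoing", EchoTrace), ("refusing", NoTrace)):
        srv = serve(handler)
        print(name, check_trace("127.0.0.1", srv.server_port))
        srv.shutdown()
```

Running `check_trace` against each of your own servers and comparing the status codes shows which hosts the applied change actually reached.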
