You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Steven Backus <ba...@whimsy.med.utah.edu> on 2009/11/24 20:51:44 UTC
[users@httpd] Directory Traversal Vulnerability
Our crack security team scanned my web server with QualysGuard
Enterprise. It found a "Gneric Web Server Directory Traversal
Vulnerability." I'm at a loss to fix this, httpd -v returns:
Server version: Apache/2.2.3
Server built: Nov 10 2009 09:06:57
I'm on RHEL 5 with current patches. Can anyone point me in the
direction of a fix?
Thanks,
Steve
--
Steven J. Backus Computer Specialist
University of Utah E-Mail: steven.backus@utah.edu
Genetic Epidemiology Alternate: backus@math.utah.edu
391 Chipeta Way -- Suite D Office: 801.587.9308
Salt Lake City, UT 84108-1266 http://www.math.utah.edu/~backus
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Directory Traversal Vulnerability
Posted by Jonathan Zuckerman <j....@gmail.com>.
On Tue, Nov 24, 2009 at 11:51 AM, Steven Backus
<ba...@whimsy.med.utah.edu> wrote:
> Our crack security team scanned my web server with QualysGuard
> Enterprise. It found a "Gneric Web Server Directory Traversal
> Vulnerability." I'm at a loss to fix this, httpd -v returns:
>
> Server version: Apache/2.2.3
> Server built: Nov 10 2009 09:06:57
>
> I'm on RHEL 5 with current patches. Can anyone point me in the
> direction of a fix?
>
> Thanks,
> Steve
> --
> Steven J. Backus Computer Specialist
> University of Utah E-Mail: steven.backus@utah.edu
> Genetic Epidemiology Alternate: backus@math.utah.edu
> 391 Chipeta Way -- Suite D Office: 801.587.9308
> Salt Lake City, UT 84108-1266 http://www.math.utah.edu/~backus
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
http://tinyurl.com/ylzn5g8
third link from the top bro
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org