You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Steven Backus <ba...@whimsy.med.utah.edu> on 2009/11/24 20:51:44 UTC

[users@httpd] Directory Traversal Vulnerability

Our crack security team scanned my web server with QualysGuard
Enterprise.  It found a "Gneric Web Server Directory Traversal
Vulnerability."  I'm at a loss to fix this, httpd -v returns:

Server version: Apache/2.2.3
Server built:   Nov 10 2009 09:06:57

I'm on RHEL 5 with current patches.  Can anyone point me in the
direction of a fix?

Thanks,
  Steve
-- 
Steven J. Backus                        Computer Specialist
University of Utah                      E-Mail:  steven.backus@utah.edu
Genetic Epidemiology                    Alternate:  backus@math.utah.edu
391 Chipeta Way -- Suite D              Office:  801.587.9308
Salt Lake City, UT 84108-1266           http://www.math.utah.edu/~backus

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Directory Traversal Vulnerability

Posted by Jonathan Zuckerman <j....@gmail.com>.

On Tue, Nov 24, 2009 at 11:51 AM, Steven Backus
<ba...@whimsy.med.utah.edu> wrote:
> Our crack security team scanned my web server with QualysGuard
> Enterprise.  It found a "Gneric Web Server Directory Traversal
> Vulnerability."  I'm at a loss to fix this, httpd -v returns:
>
> Server version: Apache/2.2.3
> Server built:   Nov 10 2009 09:06:57
>
> I'm on RHEL 5 with current patches.  Can anyone point me in the
> direction of a fix?
>
> Thanks,
>  Steve
> --
> Steven J. Backus                        Computer Specialist
> University of Utah                      E-Mail:  steven.backus@utah.edu
> Genetic Epidemiology                    Alternate:  backus@math.utah.edu
> 391 Chipeta Way -- Suite D              Office:  801.587.9308
> Salt Lake City, UT 84108-1266           http://www.math.utah.edu/~backus
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

http://tinyurl.com/ylzn5g8

third link from the top bro

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org