Posted to users@httpd.apache.org by Nick Kew <ni...@webthing.com> on 2005/11/29 14:35:50 UTC

Re: [users@httpd] Help required for security vulnerabilities in 1.3.29

On Tuesday 29 November 2005 12:17, Joost de Heer wrote:
> > To start, you can get information on apache 1.3 security vulnerabilities
> > here:
> > http://httpd.apache.org/security/vulnerabilities_13.html
> > You'll notice this lines up quite closely with the list you quote.
> > All of these problems could be fixed simply by upgrading your server
> > to the most recent 1.3 release: 1.3.33.
>
> 1.3.34 was released several weeks ago (at least the Unix version, did
> William Rowe upload the win32 1.3.34 binary yet?)

http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=113147100206551&w=2

I can't find the reference just now, but he later suggested this lack of 
interest means we can finally declare 1.3-on-windows dead.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Help required for security vulnerabilities in 1.3.29

Posted by Joost de Heer <sa...@xs4all.nl>.
>> 1.3.34 was released several weeks ago (at least the Unix version, did
>> William Rowe upload the win32 1.3.34 binary yet?)
>
> http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=113147100206551&w=2
>
> I can't find the reference just now, but he later suggested this lack of
> interest means we can finally declare 1.3-on-windows dead.

Well, it looks like the win32 build of 1.3.34 is available now....

Joost




Re: [users@httpd] Help required for security vulnerabilities in 1.3.29

Posted by syona m <sy...@yahoo.com>.
Hi All,

I have come to know that by default the DELETE and PUT methods are disabled in the Apache web server. Is there any way I can test for the same?

Following the tips mentioned in the following site: http://software.newsforge.com/article.pl?sid=04/09/17/1527247&tid=78&tid=48
"To test the PUT method, use a tool like curl to attempt a file upload:
curl -T test.asp http://www.mywebsite.com/
Next, try to access the file. If you can, then the PUT method is enabled.
To test the DELETE method, connect to the server using telnet and issue the following command:
DELETE /<file> HTTP/1.0\n \n
where <file> is the file you want to delete (ie: index.html). If the file gets removed, the DELETE method is enabled"

Using the curl tool it was seen that the PUT method is not impacting our software:
D:\curl\curl-7.15.0>curl -T README http://xxx:8080/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>405 Method Not Allowed</TITLE>
</HEAD><BODY>
<H1>Method Not Allowed</H1>
The requested method PUT is not allowed for the URL /README.<P>
<HR>
<ADDRESS>Apache/1.3.29 Server at indmft6 Port 8080</ADDRESS>
</BODY></HTML>

To use the same tool for the DELETE method, we were not able to log in to the server.

Trying directly to test the DELETE method:
DELETE <file>  HTTP/1.0\n \n
# DELETE
DELETE: not found
#

I got this. Is this a valid testing result, or is "command: not found" a message coming from the Solaris operating system?

Please let me know if there is any other way I could verify for sure that this method is not being used by the Apache installed on my machine.

Thanks for the help
Regards
Priya


"William A. Rowe, Jr." <wr...@rowe-clan.net> wrote:
  Nick Kew wrote:
> On Tuesday 29 November 2005 12:17, Joost de Heer wrote:
> 
>>1.3.34 was released several weeks ago (at least the Unix version, did
>>William Rowe upload the win32 1.3.34 binary yet?)
> 
> http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=113147100206551&w=2
> 
> I can't find the reference just now, but he later suggested this lack of 
> interest means we can finally declare 1.3-on-windows dead.

Yes, at which point Randy our Guru of Win32/modperl reminded me that many
folks do use this, and he personally vouched for the installer.

So, yes, these have been up for the past week.

Bill
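
An added example, not part of the original thread or of the Apache project's code: the telnet test quoted in the message above means sending the request line over a TCP connection to the web server's port, which this Python code does before classifying the status code that comes back. The function names, the demo server and its `/dav/` path are constructed for illustration.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(host, port, method, path, timeout=5.0):
    """Send one raw HTTP/1.0 request, as typed into telnet, and return the status code."""
    request = f"{method} {path} HTTP/1.0\r\nContent-Length: 0\r\n\r\n".encode("ascii")
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while chunk := sock.recv(4096):  # HTTP/1.0: server closes when done
            data += chunk
    parts = data.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP response: {data[:40]!r}")
    return int(parts[1])

def classify(status):
    """Interpret the status code of a PUT/DELETE probe."""
    if status in (405, 501):   # Method Not Allowed / Not Implemented
        return "refused"
    if 200 <= status < 300:    # the server acted on the request
        return "accepted"
    return "inconclusive"      # e.g. 401, 403, 404: check the configuration

def audit(host, port, path, methods=("PUT", "DELETE")):
    return {m: classify(probe(host, port, m, path)) for m in methods}

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in server: no PUT handler; DELETE answered only under /dav/."""
    def do_DELETE(self):
        self.send_response(204 if self.path.startswith("/dav/") else 405)
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    server = start_demo_server()
    # Constructed path on the local demo server.
    print(audit("127.0.0.1", server.server_port, "/probe-does-not-exist.txt"))
    server.shutdown()
```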


Re: [users@httpd] Help required for security vulnerabilities in 1.3.29

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Nick Kew wrote:
> On Tuesday 29 November 2005 12:17, Joost de Heer wrote:
> 
>>1.3.34 was released several weeks ago (at least the Unix version, did
>>William Rowe upload the win32 1.3.34 binary yet?)
> 
> http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=113147100206551&w=2
> 
> I can't find the reference just now, but he later suggested this lack of 
> interest means we can finally declare 1.3-on-windows dead.

Yes, at which point Randy our Guru of Win32/modperl reminded me that many
folks do use this, and he personally vouched for the installer.

So, yes, these have been up for the past week.

Bill
