You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by David Burry <db...@tagnet.org> on 2004/10/13 22:08:30 UTC

buffer overflow in mod_proxy in 1.3.31?

Has anyone checked this out yet?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492

It was reported in cnet news a month or two ago, and my SOX security 
guys at work have been bugging me about it...  I need to tell them 
either it's a false alarm or it will be fixed soon.

Any current status on it?

Dave

Re: buffer overflow in mod_proxy in 1.3.31?

Posted by Lars Eilebrecht <la...@hyperreal.org>.

According to David:

> It was reported in cnet news a month or two ago, and my SOX security 
> guys at work have been bugging me about it...  I need to tell them 
> either it's a false alarm or it will be fixed soon.

A patch is available since June at
http://www.apache.org/dist/httpd/patches/apply_to_1.3.31/


ciao...
-- 
Lars Eilebrecht               - Ever notice how fast Windows runs?
lars@hyperreal.org                      - Neither did I.