You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/09/01 23:21:54 UTC
DO NOT REPLY [Bug 49623] CVE-2003-1418 - all httpd versions seem to
expose inode values in FileEtag
https://issues.apache.org/bugzilla/show_bug.cgi?id=49623
--- Comment #1 from William A. Rowe Jr. <wr...@apache.org> 2011-09-01 21:21:54 UTC ---
Please provide a citation of how possessing an arbitrary identifier, the inode,
represents either a local or remote exploit?
No, not the respective validation test that is failing, but an actual citation
w.r.t. the value of an inode to exploiting a machine. Validation vendors are
famous for not actually probing for vulnerabilities, but regurgitating them
based on version numbers.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org