Apache Satisfy directive access control bypass vulnerability
  Add date: 03/16/2011   Publishing date: 03/16/2011

Affected versions:

Apache Group Apache 2.0.51

HP HP system_name: error

HP HP-UX 11.22

HP HP-UX 11.11

HP HP-UX 11.00

HP Tru64 UNIX SWS < 6.3

Vulnerability description:

BUGTRAQ ID: 11239

CVE (CAN) ID: CVE-2004-0811

 

Apache is an open source web server program.

 

The Apache web server has an access control bypass vulnerability caused by an unknown error in the merging of the Satisfy directive. A remote attacker can use this vulnerability to bypass access control and gain unauthorized access to restricted resources.

References:

http://httpd.apache.org/security/vulnerabilities_20.html

http://security.gentoo.org/glsa/glsa-200409-33.xml

http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1739.1

http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1702.1
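
A simplified model of the Satisfy merge that the patch further down this page changes, added here as an example; it is not Apache's code. It assumes the merged config starts as a shallow copy of `base`; `dir_conf`, `make_conf`, `merge` and `parent_after_merge` are hypothetical names, and `satisfy` is the array the page's patch text renders as "endeavor".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define METHODS 4  /* constructed size for the model */
enum { SATISFY_ALL, SATISFY_ANY, SATISFY_NOSPEC };

typedef struct { int *satisfy; } dir_conf;  /* toy per-directory config */

static dir_conf *make_conf(int value) {
    dir_conf *c = malloc(sizeof *c);
    c->satisfy = malloc(sizeof *c->satisfy * METHODS);
    for (int i = 0; i < METHODS; ++i) c->satisfy[i] = value;
    return c;
}

/* separate == 0: merge without the '+' lines; separate == 1: with them. */
static dir_conf *merge(const dir_conf *base, const dir_conf *add, int separate) {
    dir_conf *conf = malloc(sizeof *conf);
    memcpy(conf, base, sizeof *conf);  /* assumption: conf->satisfy now aliases base->satisfy */
    if (separate)
        conf->satisfy = malloc(sizeof *conf->satisfy * METHODS);
    for (int i = 0; i < METHODS; ++i) {
        if (add->satisfy[i] != SATISFY_NOSPEC)
            conf->satisfy[i] = add->satisfy[i];  /* shared array: this rewrites base too */
        else if (separate)
            conf->satisfy[i] = base->satisfy[i];
    }
    return conf;
}

/* Parent says Satisfy All, child says Satisfy Any. Returns what the
 * parent's own config holds for method 0 after the child is merged. */
int parent_after_merge(int separate) {
    dir_conf *parent = make_conf(SATISFY_ALL);
    dir_conf *child = make_conf(SATISFY_ANY);
    dir_conf *merged = merge(parent, child, separate);
    int result = parent->satisfy[0];
    if (separate) free(merged->satisfy);
    free(merged);
    free(child->satisfy); free(child);
    free(parent->satisfy); free(parent);
    return result;
}

int main(void) {
    printf("shared array:   parent = %d\n", parent_after_merge(0));
    printf("separate array: parent = %d\n", parent_after_merge(1));
    return 0;
}
```

In the shared-array case the parent's stricter setting is silently replaced by the child's, which is the access control bypass the description refers to.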

SEBUG security recommendations:

Temporary solution:

 

If you cannot install the patch or upgrade immediately, NSFOCUS suggests you take the following measures to reduce the threat:

- HTTPD - 2.0 / server/core 2004/08/31 08:16:56 1.225.2.27 j c

+ + + HTTPD - 2.0 / server/core 2004/09/21 13:21:16 1.225.2.28 j c

Declan - 351,9 + 351,13 declan

We simply use / * Otherwise the base - > sec_file array

* /

 

+ / * use a separate - > endeavor array [] here * / either

+ apr_palloc conf - > endeavor = sizeof (* (a, conf - > endeavor) * METHODS);

For (I = 0; I < METHODS; + + I) {

If (new - > endeavor [I]! = SATISFY_NOSPEC) {

Conf - > endeavor [I] = new - > endeavor [I];

+} else {

+ conf - > endeavor [I] = base - > endeavor [I];

}

}
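
Review bot: the comment added above the `apr_palloc` line says a separate array is used but not why, and that is the part a later reader needs. `apr_palloc` does not zero the memory it returns, so the new `else` branch is the only thing that initializes the slots where `new` is `SATISFY_NOSPEC`; without it those entries would be read uninitialized. Suggest expanding the comment to state that the array (the Satisfy array, rendered "endeavor" in this copy of the patch) must not be shared with `base`, and that the loop is expected to write all `METHODS` entries.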

 

Vendor patch:

 

Apache Group

- - - - - - - - - - - -

The vendor has released an update that fixes this security issue. Download it from the vendor's home page: http://httpd.apache.org/download.cgi

