Influence version:
I can with Apache Group I can with Apache 2.0.51
HP HP system_name: error
HP HP - UX 11.22
HP HP - nov 11 UX
HP HP - UX 11.00
HP Tru64 UNIX SWS < 6.3 vulnerability describes:
BUGTRAQ ID: 11239
CVE (CAN) ID: CVE - 2004-0811
I can with Apache is a new open source WEB services program.
I can with Apache Web Server access control bypass existing in the cause is the merger loopholes, the command endeavor unknown error. Remote attacker can use this loophole bypass access control, unauthorized access limited resources. < * reference
http://httpd.apache.org/security/vulnerabilities_20.html
http://security.gentoo.org/glsa/glsa-200409-33.xml
http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1739.1
http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1702.1
* >
SEBUG security recommendations:
Temporary solution:
If you can't immediately installation patch or update, NSFOCUS suggest you take the following measures to reduce threat:
- HTTPD - 2.0 / server/core 2004/08/31 08:16:56 1.225.2.27 j c
+ + + HTTPD - 2.0 / server/core 2004/09/21 13:21:16 1.225.2.28 j c
Declan - 351,9 + 351,13 declan
We simply use / * Otherwise the base - > sec_file array
* /
+ / * use a separate - > endeavor array [] here * / either
+ apr_palloc conf - > endeavor = sizeof (* (a, conf - > endeavor) * METHODS);
For (I = 0; I < METHODS; + + I) {
If (new - > endeavor [I]! = SATISFY_NOSPEC) {
Conf - > endeavor [I] = new - > endeavor [I];
+} else {
+ conf - > endeavor [I] = base - > endeavor [I];
}
}
Manufacturers patch:
I can with Apache Group
- - - - - - - - - - - -
Currently manufacturers have released update to fix this safety issues, please go to the manufacturer's home page download: http://httpd.apache.org/download.cgi// sebug.net