Covalent Releases Information on Apache 2.0 Vulnerability
Covalent Enterprise Ready Server 2.0-2.1.1 for Windows platforms (Windows 2000, Windows NT 4, Windows XP). On August 9, 2002, the Apache Software Foundation issued a security advisory for non-Unix versions of Apache 2.0. Covalent identified the versions of its products that are affected by this advisory.
Covalent Fast Start Server 3.0-3.1.1 for Windows platforms.
According to the company, the vulnerability does not affect any Fast Start versions previous to 3.x, and does not affect any UNIX/LINUX platforms.
Additional information: httpd.apache.org
Affects: All Released versions of 2.0 through 2.0.39
Fixed in: 2.0.40
The security vulnerability that was reported to and verified by the Apache Software Foundation allows an attacker to potentially inflict serious damage on a server, and reveal sensitive information. Covalent strongly recommends that all affected customers apply the solution to their Covalent Apache servers as soon as possible. A simple one-line addition to the Apache configuration file, httpsd.conf, closes the vulnerability.
Prior to the first 'Alias' or 'Redirect' directive, add the following directive to the global server configuration:
RedirectMatch 400 "\\\.\."
Fixes for this vulnerability are also included in Apache HTTP server version 2.0.40. The 2.0.40 release also contains fixes for two minor path-revealing exposures. This release of Apache is available at http://www.apache.org/dist/httpd/
More information will be made available by the Apache Software Foundation and Auriemma Luigi
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...