![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
Date: Thu, 1 Mar 2001 12:01:03 -0600
From: Bryan Paxton <bpaxton@SECURITYPORTAL.COM>
Subject: LSLID:2001030101 - Apache 1.3.19 - security fix
To: LINUX-SECURITY@LISTSERV.SECURITYPORTAL.COM
LSLID:2001030101
>From freshmeat.net:
Apache 1.3.19 (Stable)
Apache is the world's most popular HTTP server, being quite possibly the best around in terms of functionality, efficiency, security and speed.
It was originally based on code and ideas found in NCSA httpd 1.3 (early 1995).
Changes: This release is primarily a security fix release, addressing a problem which could lead to a directory listing being displayed in place of an error message.
Also, it fixes some broken functionality present in the 1.3.17 release and various Win32 issues.
License: BSD License - Release focus: Minor security fixes
>From the Apache 1.3.x ChangeLog (http://httpd.apache.org/dist/CHANGES_1.3):
*) SECURITY: The default installation could lead to mod_negotiation
and mod_dir/mod_autoindex displaying a directory listing instead of
the index.html.* files, if a very long path was created artificially
by using many slashes. Now a 403 FORBIDDEN is returned.
[Martin Kraemer]
--
Bryan Paxton
SecurityPortal, your focal point for security on the net.
http://www.securityportal.com/