Date: Thu, 1 Mar 2001 12:01:03 -0600 From: Bryan Paxton <bpaxton@SECURITYPORTAL.COM> Subject: LSLID:2001030101 - Apache 1.3.19 - security fix To: LINUX-SECURITY@LISTSERV.SECURITYPORTAL.COM LSLID:2001030101 >From freshmeat.net: Apache 1.3.19 (Stable) Apache is the world's most popular HTTP server, being quite possibly the best around in terms of functionality, efficiency, security and speed. It was originally based on code and ideas found in NCSA httpd 1.3 (early 1995). Changes: This release is primarily a security fix release, addressing a problem which could lead to a directory listing being displayed in place of an error message. Also, it fixes some broken functionality present in the 1.3.17 release and various Win32 issues. License: BSD License - Release focus: Minor security fixes >From the Apache 1.3.x ChangeLog (http://httpd.apache.org/dist/CHANGES_1.3): *) SECURITY: The default installation could lead to mod_negotiation and mod_dir/mod_autoindex displaying a directory listing instead of the index.html.* files, if a very long path was created artificially by using many slashes. Now a 403 FORBIDDEN is returned. [Martin Kraemer] -- Bryan Paxton SecurityPortal, your focal point for security on the net. http://www.securityportal.com/