[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Apache Vulnerability
- Subject: Re: [cobalt-security] Apache Vulnerability
- From: "Paul Wilson" <webguroo@xxxxxxxxxxxxxxx>
- Date: Tue, 9 Jul 2002 09:42:29 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> http://www.extremetech.com/article2/0,3973,302776,00.asp
> It appears the fix to apache just keeps the person from getting root
> access, not from doing the DOS.
According to what I read, vulnerabilities vary according to platform.
http://www.extremetech.com/article2/0,3973,3125,00.asp Apache for Windows
allowed the DoS a way into the server.
My understanding of the patch is that it prevents the server from locking
up. It can't prevent a DoS attack which comes from outside anyway. It
keeps the child processes and logging overuns from locking up the server.
Paul Wilson
webguroo@xxxxxxxxxxxxxxx
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.373 / Virus Database: 208 - Release Date: 7/6/2002