[lug] Apache security flaw
Ferdinand Schmid
fschmid at archenergy.com
Tue Jun 18 09:23:21 MDT 2002
HI,
This came through on eWEEK today:
Flaw Found in Apache HTTP Server
A buffer overrun vulnerability in the Apache HTTP server
included with many popular Web servers enables an attacker
to execute code on vulnerable machines. To read the story,
click here:
http://eletters1.ziffdavis.com/cgi-bin10/flo?y=eQhB0DDhnJ0E4J0n470AY
It appears that security companies now alert hackers at the same time as alerting the
maintainers of the code. I felt that giving 2 weeks notice to the code maintainers (be it
a private business or a group of open source maintainers) would be the fair thing to do.
Sorry for writing a bit irritated about this.
Ferdinand
--
Ferdinand Schmid
Architectural Energy Corporation
Celebrating 20 Years of Improving Building Energy Performance
http://www.archenergy.com
More information about the LUG
mailing list