[JaxPM] FW: Apache Week issue 261

JONES, WILLIAM C wcjones at exchange.fccj.org
Fri Aug 31 11:43:35 CDT 2001 

On the jacksonville-pm-list; Jax.PM'er "JONES, WILLIAM C" <wcjones at exchange.fccj.org> wrote -

Anyone using *SQL products within Apache?  You may wish to share with
Apache/SQL developers...

HTH/Sx  :]


-----Original Message-----
From: Apache Week
To: apacheweek at apacheweek.com
Sent: 8/31/2001 12:18 PM
Subject: Apache Week issue 261

                                       
Security vulnerability found in third-party modules

     RUS-CERT has discovered a vulnerability that affects several
     third-party Apache authentication modules that use SQL databases to
     store authentication information. An external attacker can make use
     of this vulnerability to obtain arbitrary data from your server.
     The modules known to be affected include:
     * AuthPG
     * mod_auth_mysql
     * mod_auth_oracle
     * mod_auth_pgsql
     * mod_auth_pgsql_sys
       
     If you are using one of these modules, or any other module to
     authenticate against a SQL database read [4]the full advisory and
     update your module.


Also -     
     In the wake of the Code Red worm, Joe "Zonker" Brockmeier warns
     Unix and Linux administrators running the Apache Web Server not to
     let their guard down in this tongue-in-cheek but apt piece entitled
     [9]"Thinking about Security". I'm sure many of you will find his
     advice on how to stop your boss from embarrassing himself useful.
       ______________________________________________________________
     
References

http://cvs.apache.org/viewcvs.cgi/~checkout~/httpd-test/flood/examples/round
-robin.xml?content-type=text/plain&only_with_tag=HEAD

http://httpd.apache.org/docs/misc/perf-tuning.html#compiletime

http://cert.uni-stuttgart.de/advisories/apache_auth.php

http://www.apacheref.com/

http://www.samag.com/articles/2001/0109/0109h/0109h.htm

http://www.unixreview.com/articles/2001/0108/0108m/0108m.htm


Jax.PM Moderator's Note:
This message was posted to the Jacksonville Perl Monger's Group listserv.
The group manager can be reached at -- owner-jacksonville-pm-list at pm.org
to whom send all praises, complaints, or comments...

More information about the Jacksonville-pm mailing list