[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SUSE Security Announcement: apache,apache2 mod_rewrite problem (SUSE-SA:2006:043)

On Sat, Jul 29, 2006 at 12:45:03AM +0200, Christian Boltz wrote:
> Hello,
> Am Freitag, 28. Juli 2006 17:22 schrieb Marcus Meissner:
> >    The following security problem was fixed in the Apache and Apache
> >    2 web servers:
> >
> >    mod_rewrite: Fix an off-by-one security problem in the ldap scheme
> >    handling.
> Does this mean that this vulnerability only happens when I use LDAP 
> _and_ mod_rewrite with Apache?
> Or does a "simple" use of mod_rewrite without LDAP also have this 
> problem?
> (Or does ldap mean anything else than the (in)famous directory service 
> here?)
> Some clarification would be helpful ;-)
> (The announcement on apache.org does not even mention LDAP...)

Then I might have made a mistake there, but the vicinity of the patch
handles ldap urls.

Ciao, Marcus

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here