Quick Apache Question

From: Tru64 User <tru64user_at_yahoo.com>
Date: Thu, 20 Jun 2002 10:20:13 -0700 (PDT)

Greetings,

What is the main difference between the two apache
fronts out there, v2.0.x and 1.3.x?

I can see that they are promoting both by coming up
with updates for 1.3.x [1.3.24 to 1.3.26] and 2.0.x

I would imagine if 2.0.x superseded 1.3.x, they would
just issue a fix on the 2.0.x and suggest upgrades of
the 1.3.x users to 2.0.x

Sorry for posting purely apache qtn. here....just
looking for a faster response.

_Thanks

Richard


NOTE FROM APACHE WEBSITE:
Versions of the Apache web server up to and including
1.3.24 and 2.0 up to and including 2.0.36 contain a
bug in the routines which deal with invalid requests
which are encoded using chunked encoding. This bug can
be triggered remotely by sending a carefully crafted
invalid request. This functionality is enabled by
default.

In most cases the outcome of the invalid request is
that the child process dealing with the request will
terminate. At the least, this could help a remote
attacker launch a denial of service attack as the
parent process will eventually have to replace the
terminated child process, and starting new children
uses non-trivial amounts of resources.

The Apache Software Foundation has released versions
1.3.26 and 2.0.39 to address and fix this issue. These
version are available for download;


=====


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
Received on Thu Jun 20 2002 - 17:20:49 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:43 NZDT