Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: S-118: Apache httpd Vulnerabilities
Special Forums Cybersecurity Security Advisories (RSS) S-118: Apache httpd Vulnerabilities Post 302158579 by Linux Bot on Tuesday 15th of January 2008 07:10:12 PM
Old 01-15-2008
S-118: Apache httpd Vulnerabilities
Several flaws were found in released versions of Apache httpd 2.2. Flaws were found in the:1) mod_proxy_balancer module;2) mod_status module; and3) mod_imagemap module. The risk is LOW. Cross-site scripting attacks.


More...
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Apache httpd.conf <VirtualHost> issue

I have just configured httpd.conf on a new Redhat 9 install. Below are my additions to httpd.conf. Everything works fine except that when typing http://spetnik.d2g.com into my web browser, I am sent to the "Default catch all" site. Any clues? NameVirtualHost *:80 #Default catch all ... (5 Replies)
Discussion started by: Spetnik
5 Replies

2. Ubuntu

Apache 2 httpd.conf empty

Hi everybody, I have installed Apache 2 + Tomcat 5.5. on Ubuntu 7.04 and the default httpd.conf is empty (0 lines), however there is a file called apache2.conf that looks like a default httpd.conf. I didn't use Apache in ages, since 1.3.x release, but I remember that the httpd.conf by default... (2 Replies)
Discussion started by: sspirito
2 Replies

3. UNIX for Advanced & Expert Users

Building Apache httpd 2.2.15

Hi, What options should I use with ./configure to include mod_dav into the build? I use --enable-dav and I didn't see mod_dav.so anywhere in the build directory. I need to load mod_dav.so as a module during httpd startup. Thanks. (1 Reply)
Discussion started by: Parker_
1 Replies

4. Web Development

servername in apache httpd.conf

I'd like to know if servername in apache httpd.conf is the machine name or domain name. If it is domain name like example.com, should it be registered before in use? (1 Reply)
Discussion started by: yzhang738
1 Replies

5. Red Hat

apache 2.2 httpd.conf

Hi, I was wondering if someone could help me out here. I am super-paranoid, so am trying to limit what PHP files can be executed on this server. I have a small list of files that I want to allow. The rest, deny. So I have base rule that denies all php files server-wide: order allow,deny ... (0 Replies)
Discussion started by: Lobster
0 Replies

6. Red Hat

apache 2.2 httpd.conf

Hi, I was wondering if someone could help me out here. I am super-paranoid, so am trying to limit what PHP files can be executed on this server. I have a small list of files that I want to allow. The rest, deny: <Files ~ "\.(php|php3)$"> order allow,deny deny from all </Files> I... (0 Replies)
Discussion started by: Lobster
0 Replies

7. AIX

Apache httpd appear too many times on processes

Dear all experts, I have a environment with 2 web, 2 apps and 2 db servers. Recently after I have patch the AIX O/S from 5300-11-02 to 5300-12-02, we found that the number of httpd processes increase largely. From originally 4 fix httpd processes become more than 600 processes. And it already... (1 Reply)
Discussion started by: kwliew999
1 Replies

8. UNIX for Dummies Questions & Answers

Locate which httpd.conf is used by Apache

What is the command to see what httpd.conf file is apache using. Apache is started. (1 Reply)
Discussion started by: galford
1 Replies

9. Linux

Apache httpd configuration - Issues with APR

Hi I have tried setting up of Apache http server - httpd-2.4.25. During configuration, I understand it needs APR to be setup. Hence I have downloaded APR & APR-Util. Performed, tar xvfC apr-1.5.2.tar /root/httpd-2.4.25/srclib/apr What is happening is there is another directory... (1 Reply)
Discussion started by: videsh77
1 Replies

LEARN ABOUT DEBIAN

apache::authznetldap

AuthzNetLDAP(3pm)					User Contributed Perl Documentation					 AuthzNetLDAP(3pm)

NAME

       Apache::AuthzNetLDAP - Apache-Perl module that enables you to authorize a user for Website based on LDAP attributes.

SYNOPSIS

	 PerlSetVar BindDN "cn=Directory Manager"
	 PerlSetVar BindPWD "password"
	 PerlSetVar BaseDN "ou=people,o=unt.edu"
	 PerlSetVar LDAPServer ldap.unt.edu
	 PerlSetVar LDAPPort 389
	 PerlSetVar UIDAttr uid
	#PerlSetVar UIDAttr mail

	 PerlAuthenHandler Apache::AuthNetLDAP
	 PerlAuthzHandler Apache::AuthzNetLDAP

	 #require valid-user
	 #require user mewilcox
	 #require user mewilcox@venus.acs.unt.edu
	 #require group "cn=Peoplebrowsers1,ou=UNTGroups,ou=People, o=unt.edu"
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=wilcox
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=smith
	 #require ldap-url ldap://castor.acs.unt.edu/ou=people,o=unt.edu??sub?untcourse=
       untcoursenumber=1999CCOMM2040001,ou=courses,ou=acad,o=unt.edu

DESCRIPTION

       After you have authenticated a user (perhaps with Apache::AuthNetLDAP ;) you can use this module to determine whether they are authorized
       to access the Web resource under this modules control.

       You can control authorization via one of four methods. The first two are pretty standard, the second two are unique to LDAP.

       "require" options --

       user -> Will authorize access if the authenticated user's username.

       valid-user -> Will authorize any authenticated user.

       group -> Will authorize any authenticated user who is a member of the LDAP group specified by groupdn. This module supports groupOfMember,
       groupOfUniquemember and Netscape's dynamic group object classes.

       ldap-url -> This will authorize any authenticated user who matches the query specified in the given LDAP URL. This is enables users to get
       the flexibility of Netscape's dynamic groups, even if their LDAP server does not support such a capability.

CONFIGURATION NOTES

	It is important to note that this module must be used in conjunction with an authentication module. (...?
       Is this true?  I just thought, that you might want to only authorize a user, instead of authenticate...)
       If you are using an authentication module, then the following lines will not need to be duplicated:

	 PerlSetVar BindDN "cn=Directory Manager"
	 PerlSetVar BindPWD "password"
	 PerlSetVar BaseDN "ou=people,o=unt.edu"
	 PerlSetVar LDAPServer ldap.unt.edu
	 PerlSetVar LDAPPort 389
	 PerlSetVar UIDAttr uid
	#PerlSetVar UIDAttr mail

	 PerlAuthenHandler Apache::AuthNetLDAP

       The following lines will not need to be duplicated if supported by the authentication module:

	 #require valid-user
	 #require user mewilcox
	 #require user mewilcox@venus.acs.unt.edu
	 #require group "cn=Peoplebrowsers1,ou=UNTGroups,ou=People, o=unt.edu"
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=wilcox
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=smith
	 #require ldap-url ldap://castor.acs.unt.edu/ou=people,o=unt.edu??sub?untcourse=

       Obviously, the ldap-url attribute is probably only support by this module.

       Check out the following link for options to load the module:

       http://perl.apache.org/docs/1.0/guide/config.html#The_Startup_File http://perl.apache.org/docs/2.0/user/config/config.html#Startup_File

AUTHOR

       Mark Wilcox mewilcox@unt.edu and Shannon Eric Peevey speeves@unt.edu

SEE ALSO

       perl(1).

WARRANTY Hey, I didn't destroy mankind when testing the module. You're mileage may vary.
       This module is distributed with the same license as Perl's.

perl v5.10.0							    2008-06-29							 AuthzNetLDAP(3pm)
All times are GMT -4. The time now is 04:28 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy