Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-039: httpd Security Update

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-039: httpd Security Update
# 1  
Old 01-23-2008
S-039: httpd Security Update
A flaw was found in the Apache HTTP Server mod_proxy module. The risk is MEDIUM. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Clearify what it means under 'WHAT' when hit the 'w'-command

I wonder how I shall read the result below, especially 'what' shown below. The result was shown when I entered 'w'. E.g what is TOP? What is gosh ( what does selmgr mean?)? login@ idle JCPU PCPU what 6:15am 7:04 39 39 TOP 6:34am 6:45 45 45 TOP 6:41am ... (1 Reply)
Discussion started by: Aelgen
1 Replies
Login or Register to Ask a Question

LEARN ABOUT OSX

htdigest

HTDIGEST(1)							     htdigest							       HTDIGEST(1)

NAME

       htdigest - manage user files for digest authentication

SYNOPSIS

       htdigest [ -c ] passwdfile realm username

SUMMARY

       htdigest  is  used to create and update the flat-files used to store usernames, realm and password for digest authentication of HTTP users.
       Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htdigest.

       This manual page only lists the command line arguments. For details of the directives necessary to configure digest authentication in httpd
       see the Apache manual, which is part of the Apache distribution or can be found at http://httpd.apache.org/.

OPTIONS

       -c     Create the passwdfile. If passwdfile already exists, it is deleted first.

       passwdfile
	      Name  of the file to contain the username, realm and password. If -c is given, this file is created if it does not already exist, or
	      deleted and recreated if it does exist.

       realm  The realm name to which the user name belongs. See http://tools.ietf.org/html/rfc2617#section-3.2.1 for more details.

       username
	      The user name to create or update in passwdfile. If username does not exist is this file, an entry is added. If it does  exist,  the
	      password is changed.

SECURITY CONSIDERATIONS

       This program is not safe as a setuid executable. Do not make it setuid.

Apache HTTP Server						    2012-07-19							       HTDIGEST(1)