Conectiva Linux Security Announcement - apache | Linux Today

Conectiva Linux Security Announcement – apache

Written By
Web Webster
Web Webster
Oct 12, 2000

Date: Wed, 11 Oct 2000 16:20:28 -0300
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Conectiva Linux Security Announcement – apache


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE   : apache
SUMMARY   : mod_rewrite and Host header vulnerability
DATE      : 2000-10-11 16:19:00
RELEVANT
RELEASES  : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1

DESCRIPTION There are two vulnerabilities in the Apache web
server as shipped with Conectiva Linux.

1) Under certain configurations, the mod_rewrite module could be
used to access any file on the server, provided that filesystem
access rights permitted that. Now the mod_rewrite module makes a
one-pass expansion and is no longer vulnerable to this.

2) The other vulnerability is regarding the handling of Host:
headers in mass virtual hosting configurations. The check for dot
(“.”) charactes in that header was not complete and could permit
access to a parent directory.

SOLUTION It is recommended that users using mod_rewrite or with
virtual hosting update their servers. Users of Conectiva Linux 4.1
and 4.2 will also find apache-1.3.12 on the FTP site. That package
should be used for those who upgraded to 1.3.12 because of the
IMP/HORDE advisory a while ago.

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/apache-1.3.6-16cl.src.rpm


ftp://atualizacoes.conectiva.com.br/4.0/i386/apache-1.3.6-16cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/4.0/i386/apache-devel-1.3.6-16cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/apache-1.3.6-16cl.src.rpm


ftp://atualizacoes.conectiva.com.br/4.0es/i386/apache-1.3.6-16cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/4.0es/i386/apache-devel-1.3.6-16cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/apache-1.3.9-17cl.src.rpm


ftp://atualizacoes.conectiva.com.br/4.1/i386/apache-1.3.9-17cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/4.1/i386/apache-devel-1.3.9-17cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/apache-1.3.9-17cl.src.rpm


ftp://atualizacoes.conectiva.com.br/4.2/i386/apache-1.3.9-17cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/4.2/i386/apache-devel-1.3.9-17cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/apache-1.3.12-14cl.src.rpm


ftp://atualizacoes.conectiva.com.br/5.0/i386/apache-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/5.0/i386/apache-doc-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/5.0/i386/apache-devel-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/apache-1.3.12-14cl.src.rpm


ftp://atualizacoes.conectiva.com.br/5.1/i386/apache-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/5.1/i386/apache-doc-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/5.1/i386/apache-devel-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/apache-1.3.12-14cl.src.rpm


ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-doc-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-devel-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/apache-1.3.12-14cl.src.rpm


ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-doc-1.3.12-14cl.i386.rpm


ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-devel-1.3.12-14cl.i386.rpm


All packages are signed with Conectiva’s GPG key. The key can be
obtained at http://www.conectiva.com.br/contato

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.