Credit: | Thanks to Linuxworm for providing this advisory. Security advisory (or lead) |
Published: | March 13, 2001 |
Updated: | June 29, 2001 |
Affected systems: | Apache Group Apache 1.3.9 - Sun Solaris 8.0_x86 - Sun Solaris 8.0 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 Apache Group Apache 1.3.3 + RedHat Linux 5.2 sparc + RedHat Linux 5.2 i386 + RedHat Linux 5.2 alpha Apache Group Apache 1.3.17win32 - Microsoft Windows ME - Microsoft Windows 98se - Microsoft Windows 98 - Microsoft Windows 95 - Microsoft Windows NT 4.0SP6a + Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0SP6 + Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0SP5 + Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0SP4 + Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0SP3 + Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0SP2 + Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0SP1 + Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 SP2 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 Apache Group Apache 1.3.17 + S.u.S.E. Linux 7.1 + OpenBSD OpenBSD 2.8 Apache Group Apache 1.3.14 + MandrakeSoft Linux Mandrake 7.2 Apache Group Apache 1.3.12 + S.u.S.E. Linux 7.0sparc + S.u.S.E. Linux 7.0 + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux 6.2 sparc + RedHat Linux 6.2 i386 + RedHat Linux 6.2 alpha |
Unaffected systems: | Apache Group Apache 1.3.19 - Sun Solaris 8.0 - Sun Solaris 7.0 - SGI IRIX 6.5.9 - SGI IRIX 6.5.8 - S.u.S.E. Linux 7.1 - S.u.S.E. Linux 7.0 - S.u.S.E. Linux 6.4 - RedHat Linux 7.1 - RedHat Linux 7.0 - RedHat Linux 6.2 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - NetBSD NetBSD 1.5.1 - NetBSD NetBSD 1.5 - MandrakeSoft Linux Mandrake 8.0 - MandrakeSoft Linux Mandrake 7.2 - MandrakeSoft Linux Mandrake 7.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - Digital (Compaq) TRU64/DIGITAL UNIX 5.0 - Digital (Compaq) TRU64/DIGITAL UNIX 4.0g - Digital (Compaq) TRU64/DIGITAL UNIX 4.0f + Debian Linux 2.3 - Caldera eServer 2.3.1 - Caldera eDesktop 2.4 - Caldera OpenLinux 2.4 |
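Vulnerability description: | Apache HTTPD is WWW server software developed and owned by the Apache software development group. Apache HTTPD is shareware and runs on all UNIX-type operating environments and on Microsoft operating systems. Apache HTTPD contains a security vulnerability. In Apache's default configuration, mod_dir, mod_autoindex, and mod_negotiation are enabled. By sending the Apache server a long path name containing many "/" characters, an unauthorized user may cause Apache to behave abnormally and thereby obtain a directory content listing. By successfully exploiting this vulnerability, a remote malicious user can gather system information and go on to compromise the system. |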
Solution: | Patch download locations: Apache Group Apache 1.3.9: Apache upgrade apache_1.3.19.tar.gz Apache Group Apache 1.3.17win32: Apache upgrade apache_1.3.19.tar.gz Apache Group Apache 1.3.17: Apache upgrade apache_1.3.19.tar.gz Apache Group Apache 1.3.14: Apache upgrade apache_1.3.19.tar.gz EnGarde Secure Linux RPM 1.0.1 i386 apache-1.3.20-1.0.25.i386.rpm Apache Group Apache 1.3.12: Apache upgrade apache_1.3.19.tar.gz |
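
Until affected servers are upgraded, access logs can be reviewed for the request pattern the vulnerability description names (a long path made up of many "/" characters). The following is an added example, not part of the original advisory: the thresholds, the function names and the sample log lines are assumptions constructed for illustration, and a 200 response is treated only as a hint that a listing may have been served.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "METHOD path [PROTO]" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)(?: [^"]*)?" (\d{3}) (\S+)$')

# Assumed thresholds (not from the advisory); tune against normal traffic.
MIN_SLASH_RUN = 32    # consecutive "/" characters in the request path
MIN_PATH_LEN = 256    # path length treated as "long"

def suspicious(path):
    """Return the longest run of '/' if the path matches the pattern, else 0."""
    longest = max((len(run) for run in re.findall(r'/+', path)), default=0)
    mostly_slashes = len(path) >= MIN_PATH_LEN and path.count('/') > len(path) // 2
    return longest if (longest >= MIN_SLASH_RUN or mostly_slashes) else 0

def scan(lines):
    """Return (host, status, longest_run, got_200) for every flagged request."""
    hits = []
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # not a Common Log Format line
        host, _method, path, status, _size = m.groups()
        run = suspicious(path)
        if run:
            # 200 on such a request: check whether a directory index was returned
            hits.append((host, int(status), run, status == "200"))
    return hits

def summarize(hits):
    """Map each source host to (flagged requests, flagged requests answered 200)."""
    total = Counter(h[0] for h in hits)
    ok = Counter(h[0] for h in hits if h[3])
    return {host: (n, ok[host]) for host, n in total.items()}

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Mar/2001:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [13/Mar/2001:10:00:05 +0000] "GET ' + '/' * 300 + ' HTTP/1.0" 403 280',
    '198.51.100.7 - - [13/Mar/2001:10:00:06 +0000] "GET ' + '/' * 310 + ' HTTP/1.0" 200 2210',
    '192.0.2.10 - - [13/Mar/2001:10:00:09 +0000] "GET /docs//img/logo.gif HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for host, (flagged, answered) in summarize(scan(SAMPLE_LOG)).items():
        print(f"{host}: {flagged} flagged request(s), {answered} answered with 200")
```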