[us...@httpd] about apache.2.14 dependency to db package..? needed?

2009-12-26 Thread David Taveras
Hello, When installing apache2.2 from binary packages in my OS I've seen that it is dependent on the Berkeley DB package. Is this actually needed by the apache core? Or is it a result of enabling a certain module I can actually disable? Where could I get the list of dependencies for a minimal

[us...@httpd] example configure line.. does it actually make sense?

2009-12-06 Thread David Taveras
Hello, I have this configure line: CONFIGURE_ARGS+= --prefix=${HTTPD_DIR} \ --exec-prefix=${LOCALBASE} \ --sysconfdir=${CONFDIR} \ --with-apr=${LOCALBASE}/bin/apr-1-mt-config \

[us...@httpd] apache 2.2.13 SSL renegotiation vulnerability

2009-11-25 Thread David Taveras
Hello, I've seen that 2.2.14 comes with a patch for the recent SSL renegotiation vulnerability. Could anybody tell me if there is a patch available for apache 2.2.13? I am not ready to update yet. Thank you. David

[us...@httpd] How to read a GET VAR into mod_headers

2009-09-16 Thread David Taveras
Hello, A portion of our users are coming in our sites with a query string get var. I want to read that VAR and convert it to a cookie for permanent use in the future. How do I read a get var and pass it to mod_headers ? Btw, for those of you who wonder why we are not doing this with mod_rewrite

Re: [us...@httpd] About apache2 vulnerability with apr and apr-utils. How bad is it?

2009-09-13 Thread David Taveras
Greetings William, On Thu, Sep 10, 2009 at 8:18 PM, William A. Rowe, Jr. wrote: > > > No, you misinterpreted; the application developer must expose a DoS/memory > exhaustion vector; where that exists, and the affected version of APR > is used, and the information written to the never-allocated bu

Re: [us...@httpd] About apache2 vulnerability with apr and apr-utils. How bad is it?

2009-09-10 Thread David Taveras
Hello William. You mentioned as far as APR causing a DoS, how about the execution of arbitrary code through apache as the CVE says..? Thank you Daniel On Thu, Sep 10, 2009 at 6:54 PM, William A. Rowe, Jr. wrote: > David Taveras wrote: > > > > I run apache 2.2.9 & apache 2.

[us...@httpd] About apache2 vulnerability with apr and apr-utils. How bad is it?

2009-09-10 Thread David Taveras
Hello, I run apache 2.2.9 & apache 2.2.11 both with apr-1.2.11p2 & apr-util-1.2.10p2. According to the CVE at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 only 0.9.x and 1.3.x are affected. Could anybody confirm that this is so? If not.. how bad is this vulnerability to a us

[us...@httpd] apache approach to blocking external sites that invoke requests to my server via an iframe?

2009-09-03 Thread David Taveras
Hello, I've been told that there is a server-level approach to be able to block external sites which are calling my server for requests via an iframe. Their idea is to steal my dynamic content and make it look like theirs. I know this can be blocked with a js, but I was wondering if there is a more r

[us...@httpd] mod_rewrite & cookies & apache 1.3.. known problem?

2009-09-02 Thread David Taveras
Hello, I have a site that uses mod_rewrite for URLs... I'd like to include a tracking cookie for users that are entering via URLs made by mod_rewrite. The problem is that the cookie isn't getting passed through the mod_rewrite URL. I've been told (and tested) that Apache2 mod_rewrite does indeed man

[us...@httpd] Apache 2.2.9 known vulnerabilities?

2009-08-24 Thread David Taveras
Hello, I am still a user of apache 2.2.9 and wish to know what vulnerabilities this version is exposed to aside from: CVE-2008-2939 Is there any site, where I can get an accurate listing? CVE site seems confusing and I just wonder if there is something more practical. Thank you. Daniel