
Bug#453783: apache2: CVE-2007-4465



Package: apache2
Severity: grave
Justification: user security hole

Seems to me that Debian (sarge or etch or even sid) apache packages are
not yet patched against

  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465

Seems to me that the obvious workarounds of turning Indexes off or
having an index.html everywhere protect just fine; I wonder why
Apache does not say so.

Cheers,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.11
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
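
An added example, not part of the original report: a small audit for the two workaround conditions the report mentions, namely whether `Indexes` is still enabled after a chain of `Options` lines and which directories lack an `index.html`. It assumes the `Options` lines are passed outermost context first, that the index file name is `index.html`, and it rejects lines mixing `+`/`-` and bare options as a simplification; the function names and the `/var/www` path are hypothetical.

```python
import os

def indexes_enabled(directives, inherited=False):
    """Return True if Indexes is on after applying Options lines outermost-first."""
    state = inherited
    for line in directives:
        words = line.split()
        if not words or words[0].lower() != "options":
            continue  # comments, blank lines, other directives
        args = [w.lower() for w in words[1:]]
        signed = [a[0] in "+-" for a in args]
        if any(signed) and not all(signed):
            # Simplification: reject mixed forms instead of guessing the result.
            raise ValueError("mixed +/- and bare options: " + line.strip())
        if args and all(signed):
            # Relative form: only the named options change, the rest is inherited.
            for a in args:
                if a[1:] in ("indexes", "all"):
                    state = a[0] == "+"
        elif args:
            # Absolute form: replaces everything inherited from outer contexts.
            state = "indexes" in args or "all" in args
    return state

def dirs_without_index(docroot, index_names=("index.html",)):
    """List directories (relative to docroot) that contain no index file."""
    missing = []
    for path, _subdirs, files in os.walk(docroot):
        if not any(name in files for name in index_names):
            missing.append(os.path.relpath(path, docroot))
    return sorted(missing)

if __name__ == "__main__":
    # Constructed sample: server-wide setting, then a per-directory override.
    sample = ["Options Indexes FollowSymLinks", "Options -Indexes"]
    print("Indexes enabled:", indexes_enabled(sample))
    for d in dirs_without_index("/var/www"):  # path is an assumption
        print("no index.html in", d)
```

An absolute `Options` line in an inner context that omits `Indexes` turns listings off there, while a relative line such as `Options +ExecCGI` leaves an inherited `Indexes` in force.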



