[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#540862: apache2: xml-based firewall bypass / port scanning vulnerability

package: apache2
version: 2.2.3-4+etch6
severity: important
tags: security

it has been dislosed that apache (and potentially other web servers)
can be used to port scan behind a firewall.  i don't think this issue
issue too severe, but a firewall bypass nevertheless is probably not a
good thing.  see [0].

[0] http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-00.pdf

Reply to: