07-08-2009 12:20 PM
Is LMS 3.1 vulnerable to this:
Affected Technologies:
Apache prior to 2.2.3
Apache prior to 1.3.37
Apache prior to 2.0.59
Description: The Rewrite module (mod_rewrite) for Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one buffer overflow in the escape_absolute_uri() LDAP scheme handling function. If RewriteRule is enabled and does not contain a Forbidden(F), Gone(G), or NoEscape(NE) flag, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the server to crash.
Remedy:
For Apache 2.2.x:
Upgrade to the latest version of Apache (2.2.3 or later), available from the Apache Web site. See References.
For Apache 1.x:
Upgrade to the latest version of Apache (1.3.37 or later), available from the Apache Web site. See References.
For Apache 2.0.x:
Upgrade to the latest version of Apache (2.0.59 or later), available from the Apache Web site. See References.
07-08-2009 12:37 PM
No, we are not vulnerable. We do not use mod_rewrite. But to put your mind at ease, you can apply the patch to upgrade to Apache 1.3.41 from http://www.cisco.com/cgi-bin/tablebuild.pl/cw2000-cd-one .
07-08-2009 12:39 PM
That's what I needed. Thanks for the quick reply.
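The advisory text quoted in the question names three conditions: an Apache version older than the fixed release, mod_rewrite in use, and a RewriteRule without an F, G or NE flag. The sketch below checks them against a configuration file's text. It is an added example, not part of the thread or of any Cisco tooling; the function names and the sample configuration are constructed for illustration.

```python
import re

# Fixed releases per branch, as listed in the advisory quoted in the thread.
FIXED = {(1, 3): (1, 3, 37), (2, 0): (2, 0, 59), (2, 2): (2, 2, 3)}
SAFE_FLAGS = {"f", "forbidden", "g", "gone", "ne", "noescape"}

def version_affected(version):
    """True if `version` (e.g. '1.3.34') is older than its branch's fixed release."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    fixed = FIXED.get(parts[:2])
    return fixed is not None and parts < fixed

def rewrite_loaded(conf_text):
    """True if the config loads mod_rewrite (LoadModule, or AddModule on 1.3).
    A statically compiled module is not visible here; `httpd -l` lists those."""
    pat = r"^\s*(LoadModule\s+rewrite_module\b|AddModule\s+mod_rewrite\.c\b)"
    return re.search(pat, conf_text, re.I | re.M) is not None

def exposed_rules(conf_text):
    """Return RewriteRule lines that carry none of the F, G or NE flags."""
    hits = []
    for raw in conf_text.splitlines():
        tokens = raw.split()
        # Commented-out lines start with '#', so they never match here.
        if not tokens or tokens[0].lower() != "rewriterule":
            continue
        # Flags are the optional third argument, e.g. [R=301,L].
        flag_arg = tokens[3] if len(tokens) > 3 else ""
        flags = {f.split("=")[0].lower() for f in flag_arg.strip("[]").split(",")}
        if not flags & SAFE_FLAGS:
            hits.append(raw.strip())
    return hits

def assess(version, conf_text):
    """Combine the three conditions from the advisory text."""
    loaded = rewrite_loaded(conf_text)
    rules = exposed_rules(conf_text) if loaded else []
    affected = version_affected(version)
    return {"version_affected": affected, "rewrite_loaded": loaded,
            "exposed_rules": rules, "needs_action": affected and bool(rules)}

# Constructed sample configuration, not taken from a real LMS install.
SAMPLE = """\
LoadModule rewrite_module libexec/mod_rewrite.so
RewriteEngine on
RewriteRule ^/old/(.*)$ /new/$1 [R=301,L]
RewriteRule ^/private/ - [F]
# RewriteRule ^/x /y
RewriteRule ^/raw/(.*)$ /app?q=$1 [NE,L]
"""
```

Include files and per-directory .htaccess files can also hold RewriteRule directives, so each one has to be passed through the same check.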