httpd security patch

kevinh (Kevin 'Kev' Hughes)

Mail folder: WWW Talk Jan 94-present
Next message: Lou Montulli: "Re: heretical suggestion"
Previous message: Denys Duchier: "Re: A Truly Heretical Suggestion"

Date: Mon, 28 Mar 94 09:28:59 PST
From: kevinh (Kevin 'Kev' Hughes)
Message-id: <9403281728.AA03482@eit.COM>
To: www-talk-1994q1@eit.COM
Subject: httpd security patch


> A vulnerability has been identified with NCSA httpd 1.1's access
> control. The impact of this is that if you have files which are
> protected by httpd's access control via the global ACF access.conf,
> the protection can be circumvented and access can be gained to the
> files regardless of the client's DNS hostname, host IP address, or
> HTTP user name.

	Just so everyone knows, EIT's server and the CommerceNet server
have been patched.

	-- Kev