Author Archive

Remote Apache Vulnerability Announced

June 17, 2002

A remote vulnerability has been discovered in the Apache HTTP server, versions up to 1.3.24 and 2.0 through 2.0.36 for both Windows and *nix. The hole is in routines which deal with invalid requests encoded using chunked encoding, which is enabled by default. A maliciously crafted request could lead to denial of service or possibly […]

Microsoft Issues IIS & RAS Security Alerts

June 16, 2002

Two more MS security advisories have been issued today. The first and most critical: a buffer overflow has been discovered in Microsoft IIS web servers – this time in the ISAPI extension that handles HTR scripting. On IIS 4.0 an attacker would be able to gain complete control of the server, while 5.0’s HTR […]

MS Patches SQL Hole

June 13, 2002

It’s a busy day for Microsoft security. Bulletin MS02-030 deals with – you guessed it – an unchecked buffer in SQLXML, which comes with SQL Server 2000. A script-injection vulnerability also exists which can lead to privilege elevation. The issue has been rated as a moderate-risk security hole and the patch should be applied immediately. […]
