[Kolab-devel] mod_rewrite (CVE-2006-3747), not vulnerable?
Bernhard Reiter
bernhard at intevation.de
Mon Jul 31 16:02:14 CEST 2006
According to
http://www.kb.cert.org/vuls/id/395412
and a look at
server / kolabd / kolabd / templates / httpd.conf.template.in
current Kolab Server instances should not be vulnerable to
mod_rewrite (CVE-2006-3747) in the default configuration,
as we do not give the user a chance to modify the beginning of
the target string.
If someone manually has added other Rewrite rules,
it could introduce a vulnerability and should patch apache.
Opinions?
Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1310 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/devel/attachments/20060731/b41718d7/attachment.p7s>
More information about the devel
mailing list