[Kolab-devel] mod_rewrite (CVE-2006-3747), not vulnerable?

Bernhard Reiter bernhard at intevation.de
Mon Jul 31 16:02:14 CEST 2006


According to 
http://www.kb.cert.org/vuls/id/395412

and a look at 
server / kolabd / kolabd / templates / httpd.conf.template.in 
current Kolab Server instances should not be vulnerable to
mod_rewrite (CVE-2006-3747) in the default configuration,
as we do not give the user a chance to modify the beginning of
the target string.

If someone has manually added other Rewrite rules,
that could introduce a vulnerability, and they should patch Apache.

Opinions?

Bernhard
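
An added example, not part of the original message or of Kolab's code: a Python check that lists RewriteRule directives whose target (substitution) string begins with request-derived data, the condition the message names. The sample configuration is constructed, the function names are hypothetical, and treating a leading backreference, server variable or map lookup as "the user can modify the beginning" is a heuristic assumption.

```python
import re
import shlex

# Heuristic (assumption): the target starts with a backreference ($N, %N),
# a server variable (%{...}) or a map lookup (${...}).
DYNAMIC_START = re.compile(r"^(\$\d|%\d|%\{|\$\{)")

SAMPLE = r'''
# constructed sample, not the Kolab template
RewriteEngine On
RewriteRule ^/webmail$ /horde/ [R]
RewriteRule ^/proxy/(.*)$ $1 [P]
RewriteCond %{HTTP_HOST} ^(.+)$
RewriteRule ^/go/(.*) \
    "%1/$1" [R,L]
RewriteRule ^/static/(.*)$ /var/www/static/$1
RewriteRule ^/old - [G]
'''

def logical_lines(text):
    """Yield (first_line_number, directive); comments are dropped and
    backslash-continued lines are joined."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = num if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def risky_rewrite_rules(text):
    """Return [(line_number, substitution)] for RewriteRule directives whose
    substitution begins with request-derived data."""
    hits = []
    for num, directive in logical_lines(text):
        try:
            parts = shlex.split(directive)
        except ValueError:  # unbalanced quote: fall back rather than skip
            parts = directive.split()
        if len(parts) >= 3 and parts[0].lower() == "rewriterule":
            if DYNAMIC_START.match(parts[2]):
                hits.append((num, parts[2]))
    return hits

if __name__ == "__main__":
    print(risky_rewrite_rules(SAMPLE))
```

Rules it reports are candidates for manual review, not confirmed findings; a rule with a fixed prefix such as `/var/www/static/$1` is not reported because the request cannot change how the target begins.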