
VMS, Apache vuln version

ibanezm
Level 4

Is there VMS documentation addressing the Apache vulnerabilities in versions earlier than 1.3.33 (ref http://www.apacheweek.com/features/security-13)? I understand the latest VMS version is running Apache 1.3.27.

2 Replies

gfullage
Cisco Employee

Apache v1.3.33 fixes 2 potential security issues:

CAN-2004-0940 (cve.mitre.org): Fix potential buffer overflow with escaped characters in SSI tag string.

This vulnerability is applicable only if the Apache Server has the SSI (Server-side Include) feature enabled. VMS does not enable SSI, so we are not affected by this.

CAN-2004-0492 (cve.mitre.org): Reject responses from a remote server if sent an invalid (negative) Content-Leng

This vulnerability is applicable in mod_proxy module only if the Apache Server is configured as a proxy. But we are not using mod_proxy module in CiscoWorks so again, we are not affected.

Hope that helps.
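The two conditions in the answer above (SSI enabled, mod_proxy in use) can be checked against an Apache 1.3 `httpd.conf`. The following is an added example, not part of the original thread and not Cisco tooling. The function names and both sample configurations are constructed for illustration; the check is conservative (any active directive counts as evidence to review) and does not follow `Include`d files or `.htaccess`.

```python
SSI_MODULES = ("includes_module", "mod_include")
PROXY_MODULES = ("proxy_module", "mod_proxy", "libproxy")

def audit_httpd_conf(text):
    """Collect (line_no, directive) evidence that SSI or mod_proxy is in use."""
    findings = {"ssi": [], "proxy": []}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        name, *args = line.lower().split()
        rest, first = " ".join(args), args[:1]
        if name in ("loadmodule", "addmodule"):
            if any(m in rest for m in SSI_MODULES):
                kind = "ssi"
            elif any(m in rest for m in PROXY_MODULES):
                kind = "proxy"
            else:
                continue
        elif name == "options" and any(a.lstrip("+").startswith("includes") for a in args):
            kind = "ssi"  # Includes, +Includes, IncludesNOEXEC; not -Includes
        elif name == "addhandler" and first == ["server-parsed"]:
            kind = "ssi"
        elif name == "addtype" and first == ["text/x-server-parsed-html"]:
            kind = "ssi"
        elif name == "xbithack" and first in (["on"], ["full"]):
            kind = "ssi"
        elif name == "proxyrequests" and first == ["on"]:
            kind = "proxy"
        elif name in ("proxypass", "proxyremote"):
            kind = "proxy"
        else:
            continue  # containers such as <IfModule ...> and unrelated directives
        findings[kind].append((no, line))
    return findings

def applicable(text):
    """Map each advisory from the thread to whether its precondition shows up."""
    f = audit_httpd_conf(text)
    return {"CAN-2004-0940": bool(f["ssi"]), "CAN-2004-0492": bool(f["proxy"])}

# Constructed sample configs (not taken from any CiscoWorks/VMS install).
SAMPLE_CLEAN = """\
# LoadModule includes_module modules/mod_include.so
#LoadModule proxy_module modules/mod_proxy.so
Options -Includes +FollowSymLinks
<IfModule mod_proxy.c>
    ProxyRequests Off
</IfModule>
"""
SAMPLE_EXPOSED = """\
LoadModule includes_module libexec/mod_include.so
AddHandler server-parsed .shtml
Options +Includes
LoadModule proxy_module libexec/libproxy.so
ProxyPass /app http://10.0.0.5/
"""

if __name__ == "__main__":
    for label, conf in (("clean", SAMPLE_CLEAN), ("exposed", SAMPLE_EXPOSED)):
        print(label, applicable(conf), audit_httpd_conf(conf))
```

An empty result for both keys matches the "not affected" reasoning in the answer; any hit lists the line number to review before relying on that conclusion.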

gfullage - Thanks for the detailed answer. That answers the question.
