Apache 1.3.19 Security Advisory: Moderate Risk of Directory Exposure

In this column, we look at buffer overflows in icecast, Half-Life Dedicated Server, Solaris SNMP, ipop2d, ipop3d, and imapd; format string vulnerabilities in icecast, mutt, Half-Life Dedicated Server, and cfengine; temporary-file problems in the SGML-Tools package and Mesa; and problems with . . . In this column, we look at buffer overflows in icecast, Half-Life Dedicated Server, Solaris SNMP, ipop2d, ipop3d, and imapd; format string vulnerabilities in icecast, mutt, Half-Life Dedicated Server, and cfengine; temporary-file problems in the SGML-Tools package and Mesa; and problems with Apache, several FTP daemons, a Solaris SNMP agent, vBulletin, FTPFS, and Ikonboard.

In some circumstances, the Apache web server may display a directory listing when it should display an error message. It has been reported that all versions of Apache prior to 1.3.19 are affected.

The Apache Software Foundation and the Apache Server Project have released version 1.3.19 of the Apache web server. It is strongly recommended that all users of older versions upgrade to 1.3.19. No further releases are planned for the Apache 1.2.x series.