Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 415
Alerts This Week
Warning Icon 1 415

Apache 1.3.26 Security Advisory: Transfer Encoding Fix Critical Issue

General Esm H446
"This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 1.3.26 addresses and fixes the issues noted in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding.. . . "This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 1.3.26 addresses and fixes the issues noted in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding.

We would like to thank Mark Litchfield of ngssoftware.com for discovering and reporting the vulnerability.

We consider Apache 1.3.26 to be the best version of Apache 1.3 available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family. Users should also consider upgrading to Apache 2.0 as soon as all of the modules they need become available for 2.0."

See Apache Web Server Security Alert and ISS for a complete summary.

The link for this article located at Apache Project is no longer available.