search for: mod_cookie

...remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. ---559023410-1254324197-853117123=:29978 Content-Type: TEXT/PLAIN; charset=US-ASCII Two security problems have been noticed in the Apache 1.1.1 code base: 1) A hole in mod_cookies which allows outside users to attempt to scribble the memory stack used by Apache, which could lead to the granting of shell access to an outsider as the same user the httpd children are. Mod_cookies is *not* compiled into the server by default - if you did not uncomment the mod_cookies line in y...

...ry 12, 1997 Vulnerabilities in the Apache httpd There is a serious vulnerability in the cookies module of the Apache httpd, version 1.1.1 and earlier, which makes it possible for remote individuals to obtain access to systems running the Apache httpd. Only sites which enabled mod_cookies, a nondefault option, are vulnerable. Technical Details ~~~~~~~~~~~~~~~~~ The function make_cookie, in mod_cookies.c uses a 100 byte buffer, new_cookie to store information used to track web site users. The hostname, which with even the most cautious of resolver libraries, can be up to 255 chara...