similar to: Apache mod_perl cross site scripting vulnerability

How about something like: <Location /perl-status> # disallow public access Order Deny, Allow Deny from all Allow from 127.0.0.1 SetHandler perl-script PerlResponseHandler Apache2::Status </Location> 2015-08-11 14:46 GMT+03:00 Proxy One <proxy-one at mail.ru>: > Hello, > > I've failed latest PCI scan because of

On Tue, Aug 11, 2015 at 4:46 AM, Proxy One <proxy-one at mail.ru> wrote: > I haven't used <Location /perl-status> but Trustwave still finds me > vulnerable. > [...] > Response: HTTP/1.1 404 Not Found You clearly aren't serving perl-status; that's a red herring here. [...] > Body: contains

On 2015-Aug-11 19:57, Ellen Shull wrote: > On Tue, Aug 11, 2015 at 4:46 AM, Proxy One <proxy-one at mail.ru> wrote: > > > I haven't used <Location /perl-status> but Trustwave still finds me > > vulnerable. > > > [...] > > Response: HTTP/1.1 404 Not Found > > You clearly aren't serving perl-status; that's a red herring here. Indeed,

On Wed, Aug 12, 2015 at 3:39 AM, Proxy One <proxy-one at mail.ru> wrote: > Is there way to use curl for testing? I'm getting new line because of > the single quote inside string and escaping it with back slash gives me > bash: syntax error near unexpected token `<' You can use curl's -K option which lets you stick arguments in a file, helpful for getting around shell

http://httpd.apache.org/security/vulnerabilities_20.html states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68. i am no longer a httpd expert, but at least one of the security fixes involves XSS attacks via malformed ftp commands. I also realize that redhat / centos may patch things separately from Apache and that the sysadmin has a great deal to do with how secure things

Being new to testing and ruby, are there "standard" tests that can be done that test for things like cross site scripting and friends? If not, anyone have ideas on what I might do about testing those sorts of things? I''ll be using rails, also. Mike B. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging

Hi! I wanna take a stab at implementing better XSS prevention for Rails. This time for real =) I''m wondering what would be the better way, clean everything up with tidy first and then do the rest with regexp or regexp all the way? Anybody done this before? Thanks! Ciao! Florian

Hello, In order to overcome a known performance bug in perl-5.8.8-10 in centos 5 (see https://bugzilla.redhat.com/show_bug.cgi?id=196836) I downloaded the perl package from fedora 8 (http://mirror.internode.on.net/pub/fedora/linux/releases/8/Fedora/source/SRPMS/perl-5.8.8-30.fc8.src.rpm) and mod_perl

CentOS Errata and Bugfix Advisory 2014:0418 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0418.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 4316370de36fc875ae36e399a7b4cda3847431146e4857a58249275f08438f34 mod_perl-2.0.4-11.el6_5.i686.rpm

CentOS Errata and Security Advisory 2018:2737 Important Upstream details at : https://access.redhat.com/errata/RHSA-2018:2737 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: bbd94adf701dd46081eddc0e27769f3c42acf9d2ff3e16451099cd97fbea5415 mod_perl-2.0.4-12.el6_10.i686.rpm

CentOS Errata and Security Advisory CESA-2007:0395 mod_perl security update for CentOS 3 i386: https://rhn.redhat.com/errata/RHSA-2007-0395.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/mod_perl-1.99_09-12.ent.i386.rpm updates/i386/RPMS/mod_perl-devel-1.99_09-12.ent.i386.rpm source:

CentOS Errata and Security Advisory CESA-2007:0395 mod_perl security update for CentOS 3 x86_64: https://rhn.redhat.com/errata/RHSA-2007-0395.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/mod_perl-1.99_09-12.ent.x86_64.rpm updates/x86_64/RPMS/mod_perl-devel-1.99_09-12.ent.x86_64.rpm source:

CentOS Errata and Security Advisory 2007:0395 Low Upstream details at : https://rhn.redhat.com/errata/RHSA-2007-0395.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: bb0293484b09eb82ef049e47b642271d mod_perl-2.0.2-6.3.el5.x86_64.rpm 65016843550b551e147a15130ce1f904 mod_perl-devel-2.0.2-6.3.el5.i386.rpm

CentOS Errata and Security Advisory 2007:0395 https://rhn.redhat.com/errata/RHSA-2007-0395.html The following updated files have been uploaded and are currently syncing to the mirrors: s390: updates/s390/RPMS/mod_perl-1.99_16-4.5.s390.rpm updates/s390/RPMS/mod_perl-devel-1.99_16-4.5.s390.rpm s390x: updates/s390x/RPMS/mod_perl-1.99_16-4.5.s390x.rpm

CentOS Errata and Security Advisory 2007:0395 https://rhn.redhat.com/errata/RHSA-2007-0395.html The following updated files have been uploaded and are currently syncing to the mirrors: s390: updates/s390/RPMS/mod_perl-1.99_09-12.ent.s390.rpm updates/s390/RPMS/mod_perl-devel-1.99_09-12.ent.s390.rpm s390x: updates/s390x/RPMS/mod_perl-1.99_09-12.ent.s390x.rpm

I've got httpd and mod_perl installed, but I seem to have an application that requires part of mod_perl that doesn't seem to be properly installed into perl, notably, the 'Apache' portion. To 'fix' this, cpan would like to install either mod_perl-1.29, or alternatively to install mod_perl-2.0.2. 1.29 doesn't seem smart, and 2.0.2 absolutely will not install over the

CentOS Errata and Security Advisory 2007:0395 Low Upstream details at : https://rhn.redhat.com/errata/RHSA-2007-0395.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 947c1ee56b0b91a63c1b413f03fd278d mod_perl-2.0.2-6.3.el5.i386.rpm 65016843550b551e147a15130ce1f904 mod_perl-devel-2.0.2-6.3.el5.i386.rpm Source:

CentOS Errata and Security Advisory 2007:0395 https://rhn.redhat.com/errata/RHSA-2007-0395.html The following updated files have been uploaded and are currently syncing to the mirrors: i386: mod_perl-1.99_16-4.5.i386.rpm mod_perl-devel-1.99_16-4.5.i386.rpm src: mod_perl-1.99_16-4.5.src.rpm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type:

CentOS Errata and Security Advisory 2007:0395 https://rhn.redhat.com/errata/RHSA-2007-0395.html The following updated files have been uploaded and are currently syncing to the mirrors: x86_64: mod_perl-1.99_16-4.5.x86_64.rpm mod_perl-devel-1.99_16-4.5.x86_64.rpm src: mod_perl-1.99_16-4.5.src.rpm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc

Any repository maintaining Apache rpm with mod_perl for CentOS? How do I maintain rpm installs from repos and also maintain ability to use various mods that I would like to use? Or do I have to ./configure ;-) With regards. Sanjay.