mark :: blog

23 Feb 2003: mod_dav suprise

Had an interesting week wading through vulnerability details and the various advisories which never really seem to match the facts. Take one Linux vendor for example who got confused about the Oracle mod_dav vulnerability and, even though they were not affected by the vulnerability, released new Apache mod_dav packages. To add to the confusion their newly released errata packages had actually added a patch which added in the vulnerability. So they started out not vulnerable, but then released a patch which was meant to remove the vulnerability but actually really made them vulnerable. No wonder folks are confused. Wrote a bit of a rant about it in Apache Week this week.

Created: 23 Feb 2003
Tagged as: , , ,

Hi! I'm Mark Cox. This blog gives my thoughts on security work, open source, home automation, and other topics.