Bug#273412: marked as done (CAN-2004-0811: Apache 2.0.51 authentication bypass)

infodrom.org by kyllikki.infodrom.north.de id m1CBKBR-002FMTC (Debian Smail-3.2.0.115 2003-Jun-18 #2); Sat, 25 Sep 2004 23:34:21 +0200 (MEST) Date: Sat, 25 Sep 2004 23:34:21 +0200 From: Martin Schulze <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: CAN-2004-0811: Apache 2.0.51 authentication bypas

Bug#273412: CAN-2004-0811: Apache 2.0.51 authentication bypass

Package: apache2 Version: 2.0.51-2 Severity: critical Tags: security A problem has been reported to exist in Apache after upgrading to 2.0.51 which results in being able to access web pages one shouldn't be able to access, i.e. bypassing the authentication method. Here's a fix > http://www.apach

RE: CAN-2004-0811: Apache 2.0.51 authentication bypass

Martin Schulze wrote: > > Please take care of this issue. This seems to affect the version in > sid as well. Please mention the CAN from in the changelog when you > prepare an update. I'll be releasing 2.0.52 with this, and other RC fixes, as soon as upstream rolls the official tarball. ... Ad

Re: CAN-2004-0811: Apache 2.0.51 authentication bypass

Please take care of this issue. This seems to affect the version in sid as well. Please mention the CAN from in the changelog when you prepare an update. Mark J Cox wrote: > A number of users have reported that after upgrading to 2.0.51 their > password protected pages have been served without r