© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Sent mail to <email address hidden> 2011-07-15 (no reply) and again today:
Dear Apache Httpd Security Team,
It seems possible to execute arbitrary via the bug reported
2011-07-15. Since this requires a crafted .htaccess file on the host,
this might not be a too big issue.
See
http://
for first draft of multi-thread exploit (url not published elsewhere).
Currently I'm trying to get more stable code executing using the
stop-regex approach and just a single thread.
I checked the reporting guidelines again today and found, that there is a different security contact mail address mentioned. I'm not sure, if something has changed at apache website or I just picked up an dead address. Resending to <email address hidden>