Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

NSCA HTTPd Security Hole

John T. Chapman <jtc1@cornell.edu> writes:

A number of postings have shown up recently regarding an Edupage article on 21-Feb-95. This article suggests that there is a security hole in "Mosaic," which could lead to destruction of a number of Web sites.

http://www.educom.edu/edupage.old/edupage.95/ edupage-02.21.95

Unfortunately, this article is somewhat inaccurate: the security weakness lies in the NCSA HTTPd server software (version 1.3) for Unix Web servers. The client software (Mosaic or otherwise) is not responsible for any security problems; in addition, this problem does not affect Macintosh Web servers like MacHTTP.

For more information, check out NCSA's Web page; there is also a link to a patch for the code and a patched pre-compiled binary version. The URL is:

http://hoohoo.ncsa.uiuc.edu/docs/patch_ desc.html

 

Make friends and influence people by sponsoring TidBITS!
Put your company and products in front of tens of thousands of
savvy, committed Apple users who actually buy stuff.
More information: <http://tidbits.com/advertising.html>