Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

NSCA HTTPd Security Hole

John T. Chapman <jtc1@cornell.edu> writes:

A number of postings have shown up recently regarding an Edupage article on 21-Feb-95. This article suggests that there is a security hole in "Mosaic," which could lead to destruction of a number of Web sites.

http://www.educom.edu/edupage.old/edupage.95/ edupage-02.21.95

Unfortunately, this article is somewhat inaccurate: the security weakness lies in the NCSA HTTPd server software (version 1.3) for Unix Web servers. The client software (Mosaic or otherwise) is not responsible for any security problems; in addition, this problem does not affect Macintosh Web servers like MacHTTP.

For more information, check out NCSA's Web page; there is also a link to a patch for the code and a patched pre-compiled binary version. The URL is:

http://hoohoo.ncsa.uiuc.edu/docs/patch_ desc.html

 

Smile makes tools so you can have a productive day. PDFpen: Massage
your PDFs into shape on Mac, iPhone, and iPad. TextExpander:
Automate typing on Mac, Windows (in beta), iPad, and iPhone.
Free trials and friendly support. <http://smle.us/smile-tb>