Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals

NSCA HTTPd Security Hole

John T. Chapman <[email protected]> writes:

A number of postings have shown up recently regarding an Edupage article on 21-Feb-95. This article suggests that there is a security hole in "Mosaic," which could lead to destruction of a number of Web sites.

http://www.educom.edu/edupage.old/edupage.95/ edupage-02.21.95

Unfortunately, this article is somewhat inaccurate: the security weakness lies in the NCSA HTTPd server software (version 1.3) for Unix Web servers. The client software (Mosaic or otherwise) is not responsible for any security problems; in addition, this problem does not affect Macintosh Web servers like MacHTTP.

For more information, check out NCSA’s Web page; there is also a link to a patch for the code and a patched pre-compiled binary version. The URL is:

http://hoohoo.ncsa.uiuc.edu/docs/patch_ desc.html

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 28 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.