[imp] Apache SSL and Horde/IMP

Miroslaw Jaworski mjaw@ipartners.pl
Wed Oct 23 09:48:43 2002

Previous message: [imp] Apache SSL and Horde/IMP
Next message: [imp] Re: [horde] Apache SSL and Horde/IMP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Miroslaw Jaworski (mjaw@ipartners.pl) [021023 10:33] wrote:
> * Theresa M Peter (theresa@email.uc.edu) [021023 09:26] wrote:
> > All-
> > 
> > I am in kind of a bind right now. How do I configure horde to use apache 
> > without SSL support? Currently, we are using apache with SSL and 
> > unfortunately we were hit with the Slapper worm, since we were using 
> > openssl-0.9.6b-8 which is vulnerable.
> > 
> > Instead of rebuilding from scratch I was just hoping to shut down the 443 
> > port which shuts down the vulnerability until I can rebuild from scratch 
> > over a weekend. Unfortunately, anytime I do this instead of getting an HTML 
> > page I get the PHP code showing up on screen.
> 
> Disabling apache ssl won't change anything - by running old Apache on 80 
> port you're still vulnerable ( anyone can place a code on your machine,
> whether he uses ssl hole or any other local exploit ).

should be:
[...] anyone can place a code on your machine; whether he uses ssl hole or 
any other local exploit then - doesn't matter - you're vulnerable ).

Regards

MJ.

-- 
Miroslaw.Jaworski@ipartners.pl  ( Psyborg )  MJ102-RIPE  Internet Partners
Server Administration Department Manager

Previous message: [imp] Apache SSL and Horde/IMP
Next message: [imp] Re: [horde] Apache SSL and Horde/IMP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]