Tenon Intersystems Please see text links at bottom of page for navigation
Please see text links at bottom of page for navigation

Search tenon.com

Thanks to:

WebTen
[Top] [All Lists]
<prev [Date] next> <prev [Thread] next>

Re: Apache Vulnerability in WebTen

To: webten@xxxxxxxxxxxxxxx
Subject: Re: Apache Vulnerability in WebTen
From: Terry Allen <hmag@xxxxxxxxxxxxxx>
Date: Sat, 22 Jun 2002 13:09:31 +1000 
>To all WebTen users:
>
>By now most of you have probably see the recent CERT Advisory about
>an Apache Vulnerability:
>http://www.cert.org/advisories/CA-2002-17.html
>
>The Apache in WebTen is subject to this vulnerability.  Since WebTen
>is a Mac OS 9 product and since Tenon firmly believes that Macintosh
>webmasters should transition to Apple's new (and much stronger) Mac
>OS X, we have chosen not to update WebTen's Apache.
>
>However, since WebTen includes Squid, turning Squid ON will alleviate
>concerns about this new vulnerability.  In essence, running Squid as
>an HTTPD accelerator for Apache, shields the user from the invalid
>chunked-encoding requests that Apache is vulnerable to.
>
>So our advice is 1) make plans to transition to Mac OS X.  And 2), in
>the interim, make sure that you turn Squid ON.
>
>Note:  Although Tenon recommends the use of Squid for performance reasons,
>there may be a specific reason why you are running WebTen without Squid.
>If you are in this situation, please contact Tenon Technical Support
>(support@xxxxxxxxx) for further guidance.
>
>As has been discussed on this list, a new paper that helps webmasters
>move from Mac OS (WebTen or WebSTAR) to Mac OS X (with iTools) is in
>process and should be available early next week.   Meanwhile, if
>you're ready to make the move (iTools 6.5 has been updated to Apache
>1.3.26, so it is not subject to being exploited by this
>vulnerability), just give Tenon a call and we'll be happy to help you
>make the transition.
>
>Erik.
>
Hi again,
        Well, I agree that people should really be moving to OSX, though I
must disagree with Squid being switched on - I & others on this list have
previously posted about the 'stalling' problem with the http server on
WebTen, which seems to be alleviated with switching Squid off.


        Bye for now, Terry Allen
        ___________________________________________________________________
hEARd

Postal Address:
        hEARd
        c/o 128 The Entrance Rd
        The Entrance
        NSW    2261
        Australia

Internet -
        WWW:
        http://heard.com.au or http://www.ozemail.com.au/~hmag
        http://hosting.heard.com.au

Interactive Message Board - http://heard.com.au/wwwboard/

EMAIL: (checked every Thursday & Sunday, sometimes more often)
hmag@xxxxxxxxxxxxxx

-----------------------------------------------
Non profit promotion for new music - since 1994
-----------------------------------------------
Also, check out the Educate site - http://www.educate.net.au
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Apache Vulnerability in WebTen, Erik Lotspeich
Next by Date:  Re: Apache Vulnerability in WebTen, Ed Pastore
Previous by Thread:  Apache Vulnerability in WebTen, Erik Lotspeich
Next by Thread:  Re: Apache Vulnerability in WebTen, Erik Lotspeich
Indexes:  [Date] [Thread] [Top] [All Lists]
| Tenon Home | Products | Order | Contact Us | About Tenon | Register | Tech Support | Resources | Press Room | Mailing Lists |

Powered By iTools

Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara, CA 93101. All rights reserved.
Questions about our website - Contact: webmaster@tenon.com.

Tenon Home Tenon Home Tenon Home Tenon Home Product Info Tenon Ordering Contact About Register Support Resources Press Mailing Lists