Apache Mod_Access Access Control Rule Bypass Vulnerability

Info

Bugtraq ID: 9829
Class: Design Error
CVE: CVE-2003-0993
Remote: Yes
Local: No
Published: Mar 09 2004 12:00AM
Updated: Jul 12 2009 03:06AM
Credit: Both TTSG Internet Services and Henning Brauer independently discovered this vulnerability.
Vulnerable: Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Oracle Oracle HTTP Server for Apps only 1.0.2 .1s
Oracle Oracle HTTP Server 9.2 .0
+ Apache Apache 1.3.22
Oracle Oracle HTTP Server 9.1
+ Apache Apache 1.3.12
Oracle Oracle HTTP Server 9.0.3 .1
+ Oracle Oracle9i Application Server 9.0.3 .1
Oracle Oracle HTTP Server 9.0.2 .3
+ Oracle Oracle9i Application Server 9.0.2 .3
Oracle Oracle HTTP Server 9.0.2
Oracle Oracle HTTP Server 9.0.1
Oracle Oracle HTTP Server 8.1.7
+ Apache Apache 1.3.12
+ Oracle Oracle8 8.1.7
+ Oracle Oracle8i Enterprise Edition 8.1.7 .0.0
+ Oracle Oracle8i Standard Edition 8.1.7
Oracle Oracle HTTP Server 1.0.2 .2 Roll up 2
Oracle Oracle HTTP Server 1.0.2 .2
Oracle Oracle HTTP Server 1.0.2 .1
Oracle Oracle HTTP Server 1.0.2 .0
Oracle HTTP Server for Server 9.2
Oracle HTTP Server for Server 9.0.1
Oracle HTTP Server for Server 8.1.7
IBM HTTP Server 1.3.19
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Redhat Linux 7.1
- Sun Solaris 7.0
- Sun Solaris 2.6
- SuSE Linux 7.1
HP Webproxy A.02.10
+ HP HP-UX B.11.04
HP Webproxy A.02.00
+ HP HP-UX B.11.04
HP VirtualVault A.04.70
+ HP HP-UX B.11.04
HP VirtualVault A.04.60
+ HP HP-UX B.11.04
HP VirtualVault A.04.50
+ HP HP-UX B.11.04
Apache Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Apache Apache 1.3.28
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
+ OpenPKG OpenPKG 1.3
Apache Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ Redhat Enterprise Linux AS 2.1 IA64
+ Redhat Enterprise Linux AS 2.1
+ Redhat Enterprise Linux ES 2.1 IA64
+ Redhat Enterprise Linux ES 2.1
+ Redhat Enterprise Linux WS 2.1 IA64
+ Redhat Enterprise Linux WS 2.1
+ Redhat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Apache 1.3.26
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Apache 1.3.25
Apache Apache 1.3.24
+ OpenBSD OpenBSD 3.1
+ Oracle Oracle HTTP Server 9.2 .0
+ Oracle Oracle HTTP Server 9.0.1
+ Oracle Oracle9i Application Server 9.0.2
+ Oracle Oracle9i Application Server 1.0.2 .2
+ Oracle Oracle9i Application Server 1.0.2 .1s
+ Oracle Oracle9i Application Server 1.0.2
+ Slackware Linux 8.1
+ Unisphere Networks SDX-300 2.0.3
Apache Apache 1.3.23
- IBM AIX 4.3
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3
+ SuSE Linux 8.0 i386
+ SuSE Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Apache 1.3.22
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.0
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1 alpha
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0 alpha
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2 alpha
Apache Apache 1.3.20
- HP HP-UX 11.22
- HP HP-UX 11.20
+ MandrakeSoft Single Network Firewall 7.2
+ SGI IRIX 6.5.18
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.14
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.13
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.12
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
+ Sun Solaris 9_x86 Update 2
+ Sun Solaris 9_x86
+ Sun Solaris 9
+ Sun SunOS 5.9 _x86
+ Sun SunOS 5.9
+ SuSE Linux 7.3 sparc
+ SuSE Linux 7.3 ppc
+ SuSE Linux 7.3 i386
+ SuSE Linux 7.3
Apache Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.20
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
+ Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 3.0
- Redhat Linux 7.1
- Redhat Linux 7.0
- Redhat Linux 6.2
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- SGI IRIX 6.5.8
- Sun Solaris 8_sparc
- Sun Solaris 7.0
+ SuSE Linux 7.2 i386
+ SuSE Linux 7.2
+ SuSE Linux 7.1 x86
+ SuSE Linux 7.1 sparc
+ SuSE Linux 7.1 ppc
+ SuSE Linux 7.1 alpha
+ SuSE Linux 7.1
+ SuSE Linux 7.0 sparc
+ SuSE Linux 7.0 ppc
+ SuSE Linux 7.0 i386
+ SuSE Linux 7.0 alpha
+ SuSE Linux 7.0
+ SuSE Linux 6.4 ppc
+ SuSE Linux 6.4 i386
+ SuSE Linux 6.4 alpha
+ SuSE Linux 6.4
Apache Apache 1.3.18
Apache Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ SuSE Linux 7.1
Apache Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
- MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0 alpha
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2 alpha
+ Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
+ SuSE Linux 7.0 sparc
+ SuSE Linux 7.0
Apache Apache 1.3.11
Apache Apache 1.3.9
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
+ Sun SunOS 5.8 _x86
+ Sun SunOS 5.8
Apache Apache 1.3.7 -dev
Apache Apache 1.3.6
+ Sun Cobalt ManageRaQ3 3000R-mr
+ Sun Cobalt RaQ3 3000R
+ Sun Cobalt Velociraptor
Apache Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Apache 1.3.3
+ Redhat Linux 5.2 sparc
+ Redhat Linux 5.2 i386
+ Redhat Linux 5.2 alpha
Apache Apache 1.3.1
Apache Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Not Vulnerable: Posadis Posadis 1.3.31
Apache Apache 1.3.31
+ OpenPKG OpenPKG Current

Discussion

Apache mod_access has been reported to be prone to an access rule bypass vulnerability. When an Allow or Deny rule is specified and an IP address is used in the rule without a netmask, the affected module may fail to match the rule. As a result of this vulnerability, access controls may not be enforced correctly.
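One way to audit a configuration for the rule shape described above, as an added example that is not part of the original advisory or of Apache's code: it scans Apache 1.3-style configuration text for Allow/Deny entries that give a dotted-decimal address with no netmask and reports the enclosing section. The sample configuration, the name find_bare_ip_rules and the choice to count partial addresses as netmask-less are assumptions of this example.

```python
import re

# Constructed sample configuration for this example (not from the advisory).
SAMPLE_CONF = """\
<Directory /var/www/admin>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
    Allow from 198.51.100.0/255.255.255.0 203.0.113.7
    # Allow from 10.0.0.1
    allow from 10.1 example.org env=trusted
</Directory>
<Location /status>
    Deny from 203.0.113.0/24
</Location>
"""

SECTION = re.compile(r"^\s*<(/?)(\w+)\s*([^>]*)>")
DIRECTIVE = re.compile(r"^\s*(allow|deny)\s+from\s+(.+?)\s*$", re.IGNORECASE)
# Assumption: a full or partial dotted-decimal host with no "/mask" suffix is netmask-less.
BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?$")

def find_bare_ip_rules(conf_text):
    """Return (line_no, directive, host, scope) for each netmask-less IP rule."""
    findings, scopes = [], []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out rules are not active
        section = SECTION.match(line)
        if section:
            closing, name, arg = section.groups()
            if not closing:
                scopes.append(f"{name} {arg}".strip())
            elif scopes:
                scopes.pop()
            continue
        rule = DIRECTIVE.match(line)
        if not rule:
            continue
        scope = scopes[-1] if scopes else "(server config)"
        for host in rule.group(2).split():
            if BARE_IP.match(host):
                findings.append((line_no, rule.group(1).capitalize(), host, scope))
    return findings

if __name__ == "__main__":
    for line_no, directive, host, scope in find_bare_ip_rules(SAMPLE_CONF):
        print(f"line {line_no}: {directive} from {host} in <{scope}> has no netmask")
```

Each finding marks a rule whose enforcement should be verified on an unpatched server; rules written with an explicit netmask or prefix length are not reported.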

Exploit / POC

There is no exploit required.

Solution / Fix

Solution:
The vendor has addressed this issue. The fix is available through CVS at the following location:
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47

OpenPKG has released an advisory OpenPKG-SA-2004.021 to address this and other issues in Apache. Please see the referenced advisory for more information.

Slackware has released an advisory SSA:2004-133-01 to address this and other issues in Apache. Please see the referenced advisory for more information.

Trustix has released an advisory TSLSA-2004-0027 to address this and other issues in Apache. Please see the referenced advisory for more information.

Mandrake has issued advisory MDKSA-2004:046 and fixes. See reference section for more information.

Mandrake has issued a revised advisory and fixes. See advisory MDKSA-2004:046-1 in the reference section for more information.

Turbolinux has issued advisory TLSA-2004-17 and fixes. See reference section for more information.

Apache Server version 1.3.31 has been released to address this and other issues.

HP has released an advisory (HPSBUX01069) to address this and other issues. Please see the referenced advisory for more information.

Sun has released an alert (Alert ID: 57628) containing preliminary T-patches to address this and other issues in Apache. Please see the advisory in web references for more information.

Sun has released an update to Sun Alert ID: 57628. Patches for Solaris 9.0 have been made available. Patches for Solaris 8.0 are still pending.

Sun has released an update to Sun Alert ID: 57628. T-Patches (T116973-01, T116974-01) are available through normal support channels for Solaris 8 SPARC platform and Solaris 8 x86 platform. Please see the referenced Sun alert for more information.

Oracle has released a Critical Patch Update (Critical Patch Update - July 2005) to address this issue. Currently, it is unknown which exact Oracle products include vulnerable packages. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update in references.

