|
Vulnerability Apache::ASP Affected Apache::ASP prior to v1.95 Description Joshua Chamas found following. Apache::ASP had a security hole in its ./site/eg/source.asp distribution examples file, allowing a malicious hacker to potentially write to files in the directory local to the source.asp example script. The next version of Apache::ASP v1.95 going to CPAN will not have this security hole in its example ./site/eg/source.asp The general CHANGES for this release is below. The original report on a similar perl open() bug was at ZDNet's eWeek where a hacking contest at openhack.com turned up a bug on its minivend ecommerce software. For minivend, see: http://oliver.efri.hr/~crv/security/bugs/Others/minivend.html Solution Until you have the latest examples, it is recommended deleting this source.asp file from any public web server that has Apache::ASP installed on it. 1.95 fixed this.