NCSA httpd Security Issues and Responses

A vulnerablity was recently (2/17/95) discovered in the NCSA httpd Release 1.3. We recommend everyone upgrade to Release 1.4. Details about the 1.3 vulnerability are still available.

A tutorial about running a secure server is available. We strongly recommend that the User Directive be used to run the server as "nobody".

Due to the vulnerabilities in the earlier releases, we will be removing them from the ftp site.

NCSA httpd Development Team

httpd@ncsa.uiuc.edu

[Back] Return to NCSA httpd Home Page