DAV

Thu Oct 7 19:04:13 UTC 2004

On Thu, Oct 07, 2004 at 07:58:20PM +0100, Joe Orton wrote:
> It's not CGI scripts which is the issue, the issue is whether or not an
> OpenSSL buffer overflow gives you remote root or just the privileges of
> the "apache" user as it currently does.

That would be a problem yes. You'd end up with apache able to  access any
files in the system. I guess mod_webdav should never have been mod_