Forum OpenACS Q&A: AOLserver 3.0 vulnerability
FYI: AOLserver 3.0 vulnerability: http://www.arsdigita.com/bboard/q-and-a-fetch-msg?msg_id=000hNB
However, the exploit script therein causes no damage at all when run against my local OpenACS 3.2.5 installation, which uses AOLserver 3.3+ad13.
Is it possible that this problem was fixed in AOLserver 3.3 as well as in 3.3.1?
So it seems that the 3.3.1 + ad13 combination is what aD themselves recommend. It works for me.