The Apache Software Foundation has
rushed out another update to the Apache 2.0 HTTP Server because of a
significant denial-of-service vulnerability discovered and reported by
security research firm iDefense.
An announcement
from the Foundation warned that prior Apache 2.0 versions through 2.0.44
contained a serious DoS flaw (define).
Details of the
vulnerability have been embargoed until April 8, but the group wanted to issue a safe upgrade after an embarrassing incident last June, when a high-risk exploit was released on
security mailing lists before a patch could be issued.
"No more specific information is disclosed at this time, but all Apache
2.0 users are encouraged to upgrade now," the ASF said. The two security
flaws affect all platforms. Flaws Detected in Microsofts Vista > Comments::
in fact, Apache vs IIS for instance shows that it doesnt have to be true. Back in the dos days you had to run scared of your friends floppy disks cause
http://newmobilecomputing.com/comments/16822HOME |
That June exploit made the rounds on the popular Bugtraq list with the warning
that the Apache exploit tool was "./friendly," meaning anyone with basic
scripting capabilities "should be able to run it without any trouble." The
release of the source code for the exploit added new fuel to the controversy
over how the bug announcement was handled. The original warning was first
reported by the ISS, causing friction between the security outfit and the
Apache Foundation.
Apache officials were upset they weren't first notified before the ISS
issued its advisory and patch, a normal procedure when bugs are detected.
Vistas Price Falls; How Long Before Yahoos Price Rises? - Bits ::
LOL i think not, im always breaking my install and having to fix something. Google is starting to challenge Microsoft at a a very serious level.
http://bits.blogs.nytimes.com/2008/02/29/vistas-price-falls-how-los-price-rises/index.htmlHOME |
This time around, the Foundation is taking no chances, urging users to
upgrade immediately before details are released in a week's time.
The latest Apache 2.0.45 release (download here) also
eliminates leaks of several file descriptors to child processes, such as CGI
scripts, which could constitute a security threat on servers that run
untrusted CGI scripts. Web Security Project::
lead to serious data loss, downtime, denial of service and other types of security this hole. There is still no fix for this flaw. 7. th. Aug 96
http://islab.oregonstate.edu/koc/ece478/project/web1.pdfHOME |
For OS2 users, Apache's announcement contained an ominous warning that the 2.0.45 release would still contain the DoS vulnerability. The Foundation promised a fix for that flaw with an upcoming release of version 2.0.46 but insisted the DoS issues were "too important" to delay further.
Apache is an open-source Web server project developed and maintained by
volunteers within the ASF. Latest statistics from Netcraft show Apache dominating
the Web server market, with 63 percent, or nearly 24.5 million sites, well
ahead of server products from Microsoft and Sun
Microsystems.
 Open eBook Promotes New XML Spec
 Security Holes in RealPlayer, QuickTime
| 
HOME