|
|
Main Menu |
|
|
Please support: |
|
|
A proud member of: |
|
| |
See all
|
New Apache Worm Starts to Spread |
|
|
admin writes "Security experts are rushing to decode a worm program that exploits a 2-week-old flaw to infect computers running vulnerable versions of the popular open-source Apache Web server application.
The worm is thought to be capable of spreading only to Web servers running the FreeBSD operating system, an open-source variant of Unix, that haven't had a patch applied for the recent flaw. Although few people have reported the worm, it is thought to be infecting vulnerable Web servers worldwide...
At present, if the Apache worm tries to spread to any non-FreeBSD system, it will likely crash the session on the server to which the worm had connected. That's not so bad, said [eEye Digital Security's chief hacking officer Marc] Maiffret, but it could cause many servers to crash if the worm develops into an epidemic..."
Note: Not nice to see yet another Apache flaw.......
|
Posted by admin on Saturday, June 29, 2002 - 06:38 PM (137 Reads)
Read more... (141 bytes more) comments?
|
|
|
|
Experts Warn of Major Hole in Apache Web Server |
|
|
admin writes "A security flaw in the popular Apache Web server could allow a malicious hacker to launch a denial of service attack or even take over a system on which the software is running, the Apache Software Foundation warned in an advisory on Monday.
"The flaw relates to the way the Web server parses uploaded data, and can cause the software to misinterpret the size of incoming chunks of data. It can be exploited by sending a carefully crafted request to the server, said the Foundation, which manages development of the open-source Apache products.
This affects all versions of Apache 1.3 and Apache 2 up to 2.0.36.
The official advisory is here.
Check on the latest developments at httpd.apache.org."
Note: The Apache Software Foundation has since released versions 1.3.26 and 2.0.39 to address and fix this issue. These version are available for download from httpd.apache.org.
|
Posted by admin on Tuesday, June 18, 2002 - 11:27 PM (108 Reads)
comments?
|
|
|
|
|