Welcome to South West (UK) Linux User Group
  Signup / Login Home  ·  Web Links  ·  Reviews  ·  Your Account  ·  Submit News  ·  Top List  ·   
 Main Menu
· Home
· Reviews
· Meeting Info
· Mailing List Archive
· Topics
· Web Links
· Get Linux!
· Special Offers/Discounts
· Our Sponsors

· Linux@Home
· Linux@Business
· Linux@School


 Please support:
No ePatents!

 A proud member of:
UK Linux User Groups

See all

 New Apache Worm Starts to Spread
Apache admin writes "Security experts are rushing to decode a worm program that exploits a 2-week-old flaw to infect computers running vulnerable versions of the popular open-source Apache Web server application.

The worm is thought to be capable of spreading only to Web servers running the FreeBSD operating system, an open-source variant of Unix, that haven't had a patch applied for the recent flaw. Although few people have reported the worm, it is thought to be infecting vulnerable Web servers worldwide...

At present, if the Apache worm tries to spread to any non-FreeBSD system, it will likely crash the session on the server to which the worm had connected. That's not so bad, said [eEye Digital Security's chief hacking officer Marc] Maiffret, but it could cause many servers to crash if the worm develops into an epidemic..."

Note: Not nice to see yet another Apache flaw.......
Posted by admin on Saturday, June 29, 2002 - 06:38 PM (137 Reads)
Read more... (141 bytes more) comments? Send this story to a friend Printer friendly page

 Experts Warn of Major Hole in Apache Web Server
Apache admin writes "A security flaw in the popular Apache Web server could allow a malicious hacker to launch a denial of service attack or even take over a system on which the software is running, the Apache Software Foundation warned in an advisory on Monday.

"The flaw relates to the way the Web server parses uploaded data, and can cause the software to misinterpret the size of incoming chunks of data. It can be exploited by sending a carefully crafted request to the server, said the Foundation, which manages development of the open-source Apache products.

This affects all versions of Apache 1.3 and Apache 2 up to 2.0.36.

The official advisory is here.
Check on the latest developments at httpd.apache.org."

Note: The Apache Software Foundation has since released versions 1.3.26 and 2.0.39 to address and fix this issue. These version are available for download from httpd.apache.org.
Posted by admin on Tuesday, June 18, 2002 - 11:27 PM (108 Reads)
comments? Send this story to a friend Printer friendly page

Home  ·  Web Links  ·  Reviews  ·  Your Account  ·  Submit News  ·  Top List  · 

Web site powered by PostNuke Redhat LinuxApache Web Server

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters.
Site and most content created and maintained by David Johnson.
Theme by Dezina.com.