Apache Web Server Flaw Found
Apache Foundation scrambles to fix 'major' hole that leaves servers open to attack.
Joris Evers, IDG News Service
A security flaw in the popular Apache Web server could allow a malicious hacker to launch a denial-of-service attack, or even take over a system on which the software is running, the Apache Software Foundation has warned.
The flaw relates to the way the Web server parses uploaded data, and can cause the software to misinterpret the size of incoming chunks of data, the organization reported in an advisory released on Monday.
Hackers could exploit the vulnerability by sending a carefully crafted request to a flawed Apache server, according to the foundation. The organization manages development of open-source Apache products.
Wide Effect
Affected are all versions of Apache 1.3 and versions of Apache 2 up to 2.0.36, the group said. The Apache Software Foundation said it is working on new software releases that will fix the flaw.
Exploiting the flaw successfully could help an attacker to stage a denial-of-service attack, making the server unreachable. In some cases attackers could run their choice of code on a server, the Foundation warned.
In a denial-of-service attack, a hacker places code on a number of vulnerable Web servers, then activates them simultaneously with the order to submit repeated requests for information from a single, separate Web site. The intention is to overload the targeted site and cause it to crash. Often, managers of the participating sites are unaware the sites are assisting in an attack.
Wicked With Windows
One particularly vulnerable group is users running Apache 1.x on Microsoft Windows 2000 or Windows 2000 Server, according to security software vendor Internet Security Systems (ISS) of Atlanta, which also issued its own advisory on Monday. An attacker targeting such a setup would likely be able to take control of the server, ISS said. In an e-mail alert, the organization characterized the hole as a "major" vulnerability.
More than 63 percent of all Web sites run on an Apache Web server, according to the British firm Netcraft, which compiles such information. The flaw is similar to a vulnerability in Internet Information Server (IIS) that Microsoft warned of last week, ISS said.




