Apache Web Server Flaw Found
Apache Foundation scrambles to fix 'major' hole that leaves servers open to attack.
Joris Evers, IDG News Service
A security flaw in the popular Apache Web server could allow a malicious hacker to launch a denial-of-service attack, or even take over a system on which the software is running, the Apache Software Foundation has warned.
The flaw relates to the way the Web server parses uploaded data, and can cause the software to misinterpret the size of incoming chunks of data, the organization reported in an advisory released on Monday.
Hackers could exploit the vulnerability by sending a carefully crafted request to a flawed Apache server, according to the foundation. The organization manages development of open-source Apache products.
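The failure mode described above, a server misreading the size of an incoming chunk, is sketched below as an added example; it is not Apache's code and not part of the original article. It assumes the size arrives as a hexadecimal line, as in HTTP chunked transfer encoding, and all function names and the 8192-byte cap are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hex digit value, or -1 if c is not a hex digit. */
static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Weak form (constructed): accumulates without a bound and hands back a
 * signed value, so a large size wraps around and reads as negative. */
int32_t naive_chunk_size(const char *s) {
    uint32_t n = 0;
    for (; hex_val(*s) >= 0; s++) n = (n << 4) | (uint32_t)hex_val(*s);
    return (int32_t)n;
}

/* A signed "does it fit?" comparison then accepts the negative size. */
int naive_fits(const char *s, int32_t buf_len) {
    return naive_chunk_size(s) <= buf_len;
}

/* Hardened form: unsigned, at least one digit, bounded by max_chunk, and
 * only a chunk extension (';'), CR, LF or end of line may follow.
 * Returns 0 and stores the size in *out, or -1 to reject the request. */
int parse_chunk_size(const char *s, size_t max_chunk, size_t *out) {
    size_t n = 0;
    int digits = 0, v;
    while ((v = hex_val(*s)) >= 0) {
        if ((size_t)v > max_chunk) return -1;
        if (n > (max_chunk - (size_t)v) / 16) return -1; /* would exceed cap */
        n = n * 16 + (size_t)v;
        digits++; s++;
    }
    if (digits == 0) return -1;
    if (*s != '\0' && *s != ';' && *s != '\r' && *s != '\n') return -1;
    *out = n;
    return 0;
}

int main(void) {
    size_t out = 0;
    printf("naive size: %d, fits: %d\n", (int)naive_chunk_size("ffffffff"), naive_fits("ffffffff", 8192));
    printf("hardened: %d\n", parse_chunk_size("ffffffff\r\n", 8192, &out));
    return 0;
}
```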
Wide Effect
Affected are all versions of Apache 1.3 and versions of Apache 2 up to 2.0.36, the group said. The Apache Software Foundation said it is working on new software releases that will fix the flaw.
Exploiting the flaw successfully could help an attacker to stage a denial-of-service attack, making the server unreachable. In some cases attackers could run their choice of code on a server, the Foundation warned.
In a denial-of-service attack, a hacker places code on a number of vulnerable Web servers, then activates them simultaneously with the order to submit repeated requests for information from a single, separate Web site. The intention is to overload the targeted site and cause it to crash. Often, managers of the participating sites are unaware the sites are assisting in an attack.
Wicked With Windows
One particularly vulnerable group is users running Apache 1.x on Microsoft Windows 2000 or Windows 2000 Server, according to security software vendor Internet Security Systems (ISS) of Atlanta, which also issued its own advisory on Monday. An attacker targeting such a setup would likely be able to take control of the server, ISS said. In an e-mail alert, the organization characterized the hole as a "major" vulnerability.
More than 63 percent of all Web sites run on an Apache Web server, according to the British firm Netcraft, which compiles such information. The flaw is similar to a vulnerability in Internet Information Server (IIS) that Microsoft warned of last week, ISS said.