Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.

Site Operators Slow to Patch Apache Servers

Despite warnings of a serious security flaw, many administrators have yet to fix the problem.

Joris Evers, IDG News Service

  • 0 Yes
  • 0 No

Many Web servers running Apache-SSL remain vulnerable to attacks, although a June security alert did prompt administrators to patch standard Apache Web installations, according to a survey released Tuesday.

About 75 percent of Web sites hosted on Apache-SSL servers are vulnerable, as the software has not been upgraded to fix a serious flaw uncovered in June, according to a survey by Web server information firm Netcraft of Bath, England.

Administrators seem to have given priority to patching regular Apache installations, as about half of the 22 million Web sites that rely on Apache are protected through an Apache software upgrade, Netcraft says.

Securing Web Sites

Apache-SSL is a combination of the Apache Web server and OpenSSL security software meant to offer secure Web site connections. Apache-SSL is used for electronic commerce Web sites, for example. Both Apache and OpenSSL are open-source products developed by volunteers.

The Apache Software Foundation, which supports the Apache open-source project, in June advised administrators to upgrade their Apache installations because of a flaw in the way the Web server parses uploaded data, a so-called chunked encoding vulnerability.

The flaw affects all versions of Apache 1.2, versions of Apache 1.3 up to 1.3.24 and versions of Apache 2 up to 2.0.36, according to a statement from the Foundation released on June 20.

Apache is the most used Web server software in the world, with 66 percent of active sites running Apache, according to Netcraft.

  • Recommend this story?
  • 0 Yes
    0 No
 

Featured APC Accessories

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC Smart-UPS Loaded with cutting-edge features, unique battery life predictor, unbeatable on-line efficiencies and software agents allowing remote UPS monitoring. Get 10% off your entire kart purchase!

People who read this also read:

  • 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
  • A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.

Sponsored Links