Red Hat Director of Engineering and Editor of ApacheWeek Mark J. Cox Friday warned of an Apache 2.0 vulnerability which could allow
an attacker to "inflict serious damage to a server, and reveal sensitive data."
The flaw, discovered by bug-hunter Auriemma Luigi, affects default installations of the Apache Web server in non-Unix platforms like
Windows, OS2 and Netware. The flaw does not appear to affect Unix and other variant platforms, Cox said, though he noted that Cygwin
users are likely to be affected. Luigi notified the Apache Software Foundation of the
vulnerability on Wednesday.
Additionally, Cox said a one-line workaround in the httpd.conf file will close the vulnerability. He said that prior to the first
'Alias' or 'Redirect' directive, simply add the following directive to the global server configuration: Security Watch | Matt Hines | TAG: Security | InfoWorld::
be covered -- virtualization, Web 2.0, social networking, VoIP, SOA, have serious vulnerabilities with an average of seven vulnerabilities per site.
http://weblog.infoworld.com/zeroday/archives/security/index.htmlHOME |
Thinking About Open Source - blog.scottlowe.org - The weblog of an IT ::
This flaw was described as one of the most serious flaws uncovered to date. In my opinion, it would be a disservice otherwise. Site Tags: Apache, BSD,
http://blog.scottlowe.org/2006/05/04/thinking-about-open-sourceHOME |
Cox noted that fixes for the vulnerability are included in Apache version 2.0.40, in addition to fixes for a number of less serious
security flaws.
hyperSven :: s3curity (news) Rchives::
Serious Passport flaw uncovered. Hosting web servers hacked Apache Unspecified Denial of Service Vulnerability. Glitches found in RealOne and QuickTime
http://hypersven.com/security-archives.phpHOME |
Both the Apache Software Foundation and Luigi plan to release more information in the coming weeks.
 Fourth Release of Apache 2.0
 Don't Get Googled by Hackers!
|
HOME
PRINT
Add to favorites