October 7, 2002 — (WEB HOST INDUSTRY REVIEW) — Version 1.3.27 of the popular Apache Web server was released last week by the Apache Software Foundation (Apache.org) and the Apache Server Project.
The new Apache HTTP server, available for download at the foundation?s Web site, is regarded principally as a security and bug-fix release, including fixes to several security vulnerabilities.
It reportedly plugs a hole that exists on all prior versions of Apache on platforms using System V shared memory based scoreboards, which can be exploited by an attacker to run root processes or cause a local denial-of-service attack.
Release 1.3.27 also patches a bug that made Apache susceptible to a scripting vulnerability in the default 404 page of any Web server hosted on a domain that allows wildcard DNS lookups. And it fixes possible overflows in ab.c that could be exploited by a malicious server.
