November 18, 2002 — (WEB HOST INDUSTRY REVIEW) — The Apache HTTP Server Project (HTTPd.apache.org) said on Thursday that several security holes in the source code for the platform are being actively exploited, and urged IT managers urgently to upgrade to version 1.3.27 or 2.0.43 or higher.
The warning is the second released by the open source project, which operates more than 60 percent of the Internet?s Web servers. The sharing of the vulnerable code between Apache and Apache-Perl packages means the security flaws are also shared.
Warnings posted on mailing lists identify the flaw as a scoreboard memory segment overwriting vulnerability that could lead to denial of service attacks. The vulnerability reportedly allows an attacker to execute code under the Apache UID to exploit the platform?s shared memory scorecard format and send a signal to any process as root, or cause a DoS attack.
