November 18, 2002 — (WEB HOST INDUSTRY REVIEW) — The Apache HTTP Server Project (HTTPd.apache.org) said on Thursday that several security holes in the source code for the platform are being actively exploited, and urged IT managers urgently to upgrade to version 1.3.27 or 2.0.43 or higher.
The warning is the second released by the open source project, which operates more than 60 percent of the Internet?s Web servers. The sharing of the vulnerable code between Apache and Apache-Perl packages means the security flaws are also shared.
Warnings posted on mailing lists identify the flaw as a scoreboard memory segment overwriting vulnerability that could lead to denial of service attacks. The vulnerability reportedly allows an attacker to execute code under the Apache UID to exploit the platform?s shared memory scorecard format and send a signal to any process as root, or cause a DoS attack.
About theWHIR.com
Since 2000, The Web Host Industry Review has made a name for itself as the foremost authority of the Web hosting industry providing reliable, insightful and comprehensive news, interviews and resources to the hosting community. TheWHIR is an iNET Interactive property. For more information on iNET Interactive, visit http://www.inetinteractive.com
No related posts.
