Hackers Reveal Apache Web Server Attack Program

By theWHIR.com, June 21, 2002

June 21, 2002 -- (WEB HOST INDUSTRY REVIEW) -- A hacker group announced this week that it has developed an attack program that can be used to break into some Apache Web servers, prompting Internet security companies to send urgent warnings to their customers.

The hacker group, called Gobbles Security, posted its program on Internet security resource BugTraq, saying the program was an effort to prove wrong experts who thought hackers would not be able to exploit an Apache "chunking" flaw that Internet Security Systems Inc. made public on Monday.

ISS was criticized for informing the public about the flaw without providing much advance notice to the Apache Software Foundation (Apache.org), which supports the open source Web server software. Apache developers had already been working on a fix for the problem, and released updated versions of the software on Tuesday. The update can be downloaded from the organization's Web site.

The attack program targets Apache Web servers running on OpenBSD and, according to Gobbles, can be easily run by unskilled hackers and "script kids."

Internet security organizations Internet Security Systems and SecurityFocus alerted customers on Thursday to the threat, which both rated three on a four-point scale. Their concern is that attack programs could be written for Apache running on other operating systems, and could be distributed with a worm.

Such a program could affect the approximately 60 percent of the world's Web servers that use Apache. The Code Red and Nimda threats attacked servers running Microsoft's IIS software, which, by comparison, is used on 25 percent.
