Thursday November 14, 2002
Thursday November 14, 2002
Apache Flaws
Erik tells us that 
Apache Flaws are being exploited.
The Apache HTTP Server Project has warned that several security holes in the Apache source are being actively exploited on the Internet, urging IT managers to urgently upgrade to version 1.3.27 or 2.0.43 or higher.
...
"If you are running an SSL-enabled web server using OpenSSL, upgrade to at
least version 0.9.6e of OpenSSL and recompile all applications that use
OpenSSL," the organization said.
Other vulnerabilities still being exploited on servers that haven't been
upgraded include:
- A cross site scripting bug in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups
- Possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server
- A race condition in the htpasswd and htdigest program enables a malicious local user to read or even modify the contents of a password file or easily create and overwrite files as the user running the htpasswd (or htdigest respectively) program
- htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack
- Several buffer overflows in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings
Posted in The Web at Nov 14 2002, 05:09:03 AM MST Add a Comment
Comments:
Search This Site
Recent Entries
- New Passport in 9 Days
- EhCache Project Busy this Summer
- Spontaneous Stuff Weekend
- Awesome Birthday Present: A Kegerator
- Maven Plugin for Running Integration Tests against Multiple Containers
- Presenting Web Frameworks of the Future Tomorrow in Denver
- My OSCON Aftermath
- OSCON 2008 Wrapup
- [OSCON 2008] Even Faster Web Sites by Steve Souders
- [OSCON 2008] CSS for High Performance JavaScript UI by Gavin Doughtie