Thursday November 14, 2002
Thursday November 14, 2002
Apache Flaws
Erik tells us that 
Apache Flaws are being exploited.
The Apache HTTP Server Project has warned that several security holes in the Apache source are being actively exploited on the Internet, urging IT managers to urgently upgrade to version 1.3.27 or 2.0.43 or higher.
...
"If you are running an SSL-enabled web server using OpenSSL, upgrade to at
least version 0.9.6e of OpenSSL and recompile all applications that use
OpenSSL," the organization said.
Other vulnerabilities still being exploited on servers that haven't been
upgraded include:
- A cross site scripting bug in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups
- Possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server
- A race condition in the htpasswd and htdigest program enables a malicious local user to read or even modify the contents of a password file or easily create and overwrite files as the user running the htpasswd (or htdigest respectively) program
- htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack
- Several buffer overflows in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings
Posted in The Web at Nov 14 2002, 05:09:03 AM MST Add a Comment
Comments:
Search This Site
Recent Entries
- How We Hired a Team of 10 in 2 Months
- Jack's Skiing Like A Madman!
- My Future of Web Frameworks Presentation
- My Guest Room Remodel is finished!
- Web Application Testing with Selenium by Jason Huggins
- Web Application Testing with Selenium at Agile Denver next Monday
- 17" MacBook Pro Stolen from Living Room
- Using JRebel with IntelliJ IDEA on OS X
- Reviews for Grails: A Quick-Start Guide and Kanban and Scrum
- Upside Down Man Saves the Day