Thursday November 14, 2002
Apache Flaws
Erik tells us that Apache Flaws are being exploited.
The Apache HTTP Server Project has warned that several security holes in the Apache source are being actively exploited on the Internet, urging IT managers to urgently upgrade to version 1.3.27 or 2.0.43 or higher.
...
"If you are running an SSL-enabled web server using OpenSSL, upgrade to at
least version 0.9.6e of OpenSSL and recompile all applications that use
OpenSSL," the organization said.
Other vulnerabilities still being exploited on servers that haven't been
upgraded include:
- A cross site scripting bug in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups
- Possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server
- A race condition in the htpasswd and htdigest programs enables a malicious local user to read or even modify the contents of a password file, or easily create and overwrite files as the user running the htpasswd (or htdigest, respectively) program
- htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack
- Several buffer overflows in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings
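For triaging an inventory against the version floors quoted above, here is an added example (not from the Apache advisory or the original post) that parses HTTP Server banners and flags anything below Apache 1.3.27 / 2.0.43 or OpenSSL 0.9.6e. The sample banners are constructed, and the function names are my own; a banner is only a hint, since servers can trim it and vendor packages may carry fixes under an older version string.

```python
import re

# Minimum versions named in the advisory quoted above.
MIN_APACHE_1X = (1, 3, 27)
MIN_APACHE_2X = (2, 0, 43)
MIN_OPENSSL = (0, 9, 6, "e")  # the letter suffix orders OpenSSL patch releases

def parse_apache(banner):
    """Return (major, minor, patch) from a Server banner, or None."""
    m = re.search(r"\bApache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(g) for g in m.groups()) if m else None

def parse_openssl(banner):
    """Return (major, minor, patch, letters), e.g. (0, 9, 6, 'd'), or None."""
    m = re.search(r"\bOpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)", banner)
    return (int(m[1]), int(m[2]), int(m[3]), m[4]) if m else None

def status(found, floor):
    """'unknown' when the banner carries no version, else 'ok' or 'outdated'."""
    if found is None:
        return "unknown"
    return "ok" if found >= floor else "outdated"

def audit(banner):
    """Compare one banner against the advisory's minimum versions."""
    apache = parse_apache(banner)
    # 1.x servers are measured against 1.3.27, everything else against 2.0.43.
    floor = MIN_APACHE_1X if apache and apache[0] < 2 else MIN_APACHE_2X
    return {
        "apache": status(apache, floor),
        "openssl": status(parse_openssl(banner), MIN_OPENSSL),
    }

# Constructed sample banners, not taken from real hosts.
SAMPLE_BANNERS = [
    "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6d",
    "Apache/1.3.27 (Unix) mod_ssl/2.8.11 OpenSSL/0.9.6e",
    "Apache/2.0.42 (Unix)",
    "Apache",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(audit(b), "<-", b)
```
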
Posted in The Web
at Nov 14 2002, 05:09:03 AM MST