Reads: 14,808
|
 |
|
|
|
|
Blog-N-Play.com
|
Top Three Links You Must Click On
Security Apache group issues update, warns of security hole
Apache, 2.0.46 is a security and bug fix
By: Paul Roberts
May. 28, 2003 12:00 AM
(IDG News Service) — For the second time in as many months, the Apache Software Foundation released an updated version of the popular open source Web server software, only to warn users of a critical security hole in previous versions of the software that the update patches. The new version of Apache, 2.0.46, was described as "principally a security and bug fix release" in a bulletin released by the open source organization Wednesday. Among those fixes is a patch for a security hole in the mod_dav module that could be exploited remotely, causing an Apache Web server process to crash, according to the bulletin. Mod_dav is an open source module that provides WebDAV (World Wide Web Distributed Authoring and Versioning) protocol support for the Apache Web server. WebDAV is a set of extensions to HTTP (Hypertext Transfer Protocol) that allows users to edit and manage files on remote Web servers. The protocol is designed to create interoperable, collaborative applications that facilitate geographically-dispersed "virtual" software development teams. Few details were available regarding the mod_dav vulnerability, which was first discovered and reported to the Foundation by a researcher at security firm iDefense Inc. Further details regarding the problem will be published on Friday, the bulletin said. In March, Microsoft released a patch for a security hole in a core Windows component used to handle an unchecked buffer in a Windows 2000 component used to handle the WebDAV protocol. That flaw, which has already been exploited by hackers, could enable an attacker to cause a buffer overflow on the machine running Internet Information Server, according to the Microsoft Security bulletin MS03-007. A second fix is for a denial-of-service vulnerability affecting Apache's authentication module. By exploiting a bug in configuration scripts used by a function for password validation, attackers could launch remote denial of service attacks that would cause valid user names and passwords to be rejected, the bulletin said. The vulnerabilities affect versions of Apache ranging from 2.0.37 up to the most recent release, 2.0.45, which came out in April. That latest version was also released in response to a heretofore unknown critical security flaw which, like the mod_dav vulnerability, was discovered by iDefense and described in detail at a later date. As with its last software update, the Apache Software Foundation said that 2.0.46 was the "best version of Apache available" and recommended that users of prior Apache versions upgrade.
Reader Feedback: Page 1 of 1
Subscribe to our RSS feeds now and receive the next article instantly!
Subscribe to the World's Most Powerful Newsletters
Linux Links You Must Click On !
|
Lo Ultimo
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
| | | | | | | | |
|
|
|
|
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | |
|
|
| SYS-CON MEDIA: | | | | |
| SYS-CON EVENTS: | | | | | |
| INTERNATIONAL SITES: | | | | | | | | | | |
 |
Terms of Use & Our Privacy Statement  About Newsfeeds / Video Feeds |
| Copyright ©1994-2008 SYS-CON Publications, Inc. All Rights Reserved. All marks are trademarks of SYS-CON Media. |
| Reproduction in whole or in part in any form or medium without express written permission of SYS-CON Publications, Inc. is prohibited. |
.gif)
