ITPRO

Printed from www.itpro.co.uk


    Flaw found in Apache Web Server

A new flaw discovered in Apache Web Server allows hackers to take control of system privileges, researchers claim.

By Jennifer Scott, 9 Mar 2010 at 11:00


A new flaw has been discovered in Apache Web Server that could allow cyber criminals to take control of system privileges, according to a security research firm.

Sense of Security (SoS) released an advisory claiming the core mod_isapi module in the most popular open source HTTP server could be targeted to trigger the vulnerability.

The report said: “By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory.”

It went on to say that although the module would be unloaded, function pointers would still remain, allowing attackers to take control, a condition SoS calls “a dangling pointer vulnerability.”

The vulnerability was given a high severity rating by the researchers, who said it definitely affected version 2.2.14 on the Windows platform but could also affect others.

The simple solution and advice for users is to upgrade to version 2.2.15. SoS has also made a proof of concept available for download.

IT PRO contacted Apache for comment on the new flaw but it had not responded to our request at the time of publication.
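The dangling pointer condition the advisory describes (a module is unloaded while cached function pointers into it remain) can be avoided by tying the pointer's lifetime to the module's. The sketch below is an added example, not Apache's code or its 2.2.15 fix: `module_slot`, `sample_handler` and the `module_*` functions are hypothetical names, the "module" is a constructed in-process stand-in, and it is single-threaded (a real server would need locking or atomics around the counters).

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical extension entry point; not Apache's or ISAPI's real API. */
typedef int (*handler_fn)(int request_id);
typedef struct {
    int loaded, in_use, unload_pending; /* mapped? / requests inside / deferred unload */
    handler_fn handler;                 /* entry point cached at load time */
} module_slot;

/* Constructed stand-in for code that lives inside the loaded module. */
static int sample_handler(int request_id) { return request_id * 2; }

static void module_load(module_slot *m) {
    m->loaded = 1; m->in_use = 0; m->unload_pending = 0;
    m->handler = sample_handler;
}
/* Unloading and clearing the cached pointer happen in one step, so no
 * pointer into the module outlives the module itself. */
static void module_release(module_slot *m) {
    m->handler = NULL; m->loaded = 0; m->unload_pending = 0;
}
/* Unload request (for example from an error path on an aborted request).
 * Returns 1 if released now, 0 if deferred because the module is in use. */
static int module_unload(module_slot *m) {
    if (m->in_use > 0) { m->unload_pending = 1; return 0; }
    module_release(m);
    return 1;
}
/* Enter the module: refused once it is unloaded or an unload is pending. */
static int module_begin(module_slot *m) {
    if (!m->loaded || m->unload_pending || m->handler == NULL) return -1;
    m->in_use++;
    return 0;
}
/* Leave the module: the last request out performs a deferred unload. */
static void module_end(module_slot *m) {
    if (--m->in_use == 0 && m->unload_pending) module_release(m);
}
/* Returns -1 instead of calling through a stale pointer. */
static int module_dispatch(module_slot *m, int request_id) {
    if (module_begin(m) != 0) return -1;
    int rc = m->handler(request_id);
    module_end(m);
    return rc;
}
int main(void) {
    module_slot m;
    module_load(&m);
    printf("before unload: %d\n", module_dispatch(&m, 7));
    module_unload(&m);
    printf("after unload:  %d\n", module_dispatch(&m, 7));
    return 0;
}
```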
