Apache bug prompts update advice

Colin Ho,ZDNet.com.au | March 8, 2010 12:02 PM PST

Summary

IT security company Sense of Security has discovered a serious bug in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database.

Topics

Apache Software Foundation, Web Servers, Open Source, Internet, apache, bug, exploit, root kit, sense, security, vulnerable, attack, Colin Ho, ZDNet.com.au, Colin Ho, ZDNet.com.au

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

Discovered by the company's security consultant Brett Gervasoni, the vulnerability exists in Apache's core "mod_isapi" module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security.

Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit.

According to Sense of Security spokesperson Jason Edelstein, Apache is one of the most popular pieces of web server software used today and the vulnerability was one of the most significant bugs in Apache for years.

For more on this story, read Apache bug prompts update advice on ZDNet Australia.

Talkback - Tell Us What You Think

Get it the way you want it

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

ZDNet is available in the following editions:

Special Reports

Apple WWDC 10

Google unplugs Windows

Windows 7

Hot Topics

Apache bug prompts update advice

Summary

Topics

Vendor HotSpot

Here to help you with your Document Management Needs

Talkback - Tell Us What You Think

Get it the way you want it

ZDNet Newsletters

Vendor Showcase

Featured Articles

10+ mistakes Linux newbies make

Web video showdown: Flash vs. QuickTime vs. Windows Media

How a decade of antitrust oversight has changed your PC

Updated: Microsoft codename tracker

Services