Flaws in Apache 2.0 for Windows may hit takeup

Security problems may be hampering the adoption of Apache 2.0 for Windows, according to a new survey of Web servers.

The latest report from UK-based Netcraft found that more than 16,000 Windows-based sites running the Apache server 2.0 software may be vulnerable to security flaws that have emerged since the Windows release of Apache 2.0. The flaws range from giving unauthorised users the ability to navigate directory structures to denial-of-service attacks caused by specially formatted device names, according to Netcraft.

"The striking thing is that these are sterotypical vulnerabilities that over the years many other products have suffered from, but [that have been] fixed," the company said in a statement.

Apache, an open-source Web server, is the most popular on the Internet, running about 66 percent of Web sites in February, Netcraft found. The nearest competitor was Microsoft, whose various flavours of server software power about 24 percent of surveyed sites. Microsoft is keen to improve its position in the server market, considered crucial to its ability to influence how people use the Internet.

Apache is often run on Unix or Linux operating systems, but the project's developers made improvements with version 2.0 aimed at increasing the server's presence in the Windows world. This appears to be working, with more than 7 percent of Windows Apache servers running version 2.0.

Just over 1 percent of Unix-based Apache installations run 2.0, a sign that Unix-based sites are sticking with the well-regarded earlier versions of the software.

Let the editors know what you think in the Mailroom.