ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Online business Toolkit

Apache patch covers HTTP security hole

David Becker CNET News.com

Published: 30 May 2003 10:13 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The Apache Software Foundation released on Wednesday an updated version of its market-leading Web server software, primarily to patch previously undisclosed security holes.

The group, which coordinates development and distribution of the open-source software, recommended that system administrators promptly upgrade to version 2.0.46 of Apache HTTP Server, available for download from the Apache Web site.

The free Apache program is the most popular Web server software in use today, employed by 63 percent of all Web sites, according to a recent survey by research firm Netcraft.

The new version of the software patches several serious vulnerabilities, including one that could allow vandals to crash a server by sending malicious commands to the component Apache uses to execute WebDAV (World Wide Web Distributed Authoring and Versioning) instructions.

WebDAV is a set of extensions to the basic HTTP (Hypertext Transfer Protocol) underlying the Web, enabling sites to handle more advanced Web services functions. WebDAV has been the source of numerous other security holes in server software made by Microsoft and others.

The foundation said it would reveal details of the WebDAV vulnerability on Friday.

The new version of Apache also fixes a hole in the software authentication module that could let malicious users launch a limited denial-of-service attack that would prevent authorised users from logging on to the server under siege. The Apache foundation said in a statement that it did not believe the bug could enable unauthorised users to gain access to protected resources.

The foundation released an Apache update last month to patch a vulnerability that could have allowed a more serious DoS attack.

Apache administrators were forced to scramble to contain damage late last year when a destructive worm targeting Apache servers began to spread before a patch was available.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
63 out of 137 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Online business



Company/Topic Alerts

Create a new alert from the list below:










Related Jobs

Linux System Administrator (RedHat, MySQL, DNS, Apache, RAID, SMTP)- Nottingham, Midlands

Job Title: Linux System Administrator (RedHat, MySQL, DNS, Apache, RAID, SMTP)- Nottingham, Midlands Location: Nottingham, Midlands Salary: Very Good ...

Web Support Engineer - (E-commerce) Leeds - 32000+Benefits

You will have exposure to Zeus Web Server, Apache Web Server, Sun Solaris and IBM Websphere Operating Systems: Unix, Solaris, E-commerce Web Support ...

Linux Administrator Redhat, Suse, Debian, Apache, 38k

Linux Administrator Redhat, Suse, Debian, Apache, 38k Linux Systems Administrator (Debian/Ubuntu/MYSQL/Apache/UNIX) is needed by my leading ...

Sentry Posts Blog

Mobile Linux Better For Mobile Busines...

Mobile Linux Better For Mobile Business Apps? Author: Eric Everson, MyMobiSafe.com As mobile Linux is carving it’s footprint on the future of mobile application development, the... More

Post a comment

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Featured Talkback

I wonder, who needs .asia domain? I cannot imagine, what would be useful for Microsoft.asia? Toyota.asia? Then let's register .europe (if .eu is too short). Or perhaps Microsoft.southamerica, Dell.australiaandnewzealand, Coca-Cola.africa... Sound funny? Then why not just use the global and country domains? Or perhaps it is time to drop the domains at all?

By: LadyRoot

Read full story:
Businesses advised to register .asia domains