New Apache 2.0.45 Fixes Denial of Service Vulnerability
by Berislav Kucan - Thursday, 3 April 2003.
Newly released Apache HTTP Server 2.0.45, fixes yet unspecified Denial of Service vulnerability. The vulnerability information will be disclosed by iDefense on 8 April 2003. Below you can find a partial reprint of the Apache announcement.

The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the eighth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.45 as compared to 2.0.44.

OS2 users; note that Apache 2.0 versions *including* 2.0.45 still have a Denial of Service vulnerability that was identified and reported by Robert Howard that will fixed with the release of 2.0.46, but is too important to delay announcement today. The patch must be applied before building on OS2. This patch will already be applied to all OS2 binaries released for Apache 2.0.45. [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0134]

This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.45 addresses two security vulnerabilities, both affecting all platforms.

Prior Apache 2.0 versions through 2.0.44 had a significant Denial of Service vulnerability that was identified and reported by David Endler , and fixed with this release. The specific details of this issue will be published by David Endler one week from this release, on April 7th. No more specific information is disclosed at this time, but all Apache 2.0 users are encouraged to upgrade now. [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132]

This release eliminated leaks of several file descriptors to child processes, such as CGI scripts, which could consitute a security threat on servers that run untrusted CGI scripts. This issue was identified, reported and addressed by Christian Kratzer and Bjoern A. Zeeb.

The Apache Software Foundation would like to thank David Endler, Christian Kratzer, Bjoern Zeeb and Robert Howard for the responsible reporting of these issues.

Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //