Slashdot Mirror


Apache Vulnerability Announced

Aaron writes "Versions of the Apache HTTP Server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. In some cases it may be possible to cause a child process to terminate and restart, which consumes a non-trivial amount of resources. See the official announcement and stay tuned here for updated versions." This is in response to the rather uninformed and questionable security notice by ISS X-Force, about a bug that has already been mentioned on the public mailing lists for Apache and is fixed in CVS for Apache 2.0. I am also told that their patch doesn't fully solve the problem. I am sure though that by awaking us to the problem they will get a lot of great press just like any of the other companies currently using useless bug announcements as press releases.

3 of 296 comments (clear)

  1. now lets' see... by slayer99 · · Score: 0, Flamebait

    I bet this will be patched a little quicker than the last IIS vulnerabilities :)

    --
    Martin Brooks / Slayer99 #linux / UIN 2178117
  2. Yeah, McAfee fucking sucks, Slashdot is right! by Bowie+J.+Poag · · Score: -1, Flamebait



    Yeah, McAfee sucks. They protect tens of thousands of people's data against viruses, for free. Yeah, they're completely useless, and should be kicked off the face of the earth.

    Oh wait, I have a better idea -- How about Slashdot gets a clue, instead?

    Cheers,

    --
    Bowie J. Poag

  3. I always like how by JeanBaptiste · · Score: 0, Flamebait

    apache bugs seem rather trivial, while most every M$ bug ends with 'which could allow malicious code to be executed' or 'which could allow unauthorized access' (I know thats not verbatim but I dont feel like looking it up.)