Slashdot Mirror


Apache Vulnerability Announced

Aaron writes "Versions of the Apache HTTP Server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. In some cases it may be possible to cause a child process to terminate and restart, which consumes a non-trivial amount of resources. See the official announcement and stay tuned here for updated versions." This is in response to the rather uninformed and questionable security notice by ISS X-Force, about a bug that has already been mentioned on the public mailing lists for Apache and is fixed in CVS for Apache 2.0. I am also told that their patch doesn't fully solve the problem. I am sure though that by awaking us to the problem they will get a lot of great press just like any of the other companies currently using useless bug announcements as press releases.

7 of 296 comments

  1. Oh oh by LinuxCumShot · · Score: 0, Funny

    Time to get more eyes on the code.

    --
    -- OMFG = Oh My Floatse Goatse
  2. Switch to IIS by l33t+j03 · · Score: 4, Funny

    Proof positive that IIS is a better web server than Apache. You don't see IIS vulnerabilities spouted all over the internet every day.

    1. Re:Switch to IIS by krogoth · · Score: 4, Funny

      "You don't see IIS vulnerabilities spouted all over the internet every day."

      Yes, they tried but it's hard to get people to work on weekends.

      --

      They that quote Benjamin Franklin on liberty and safety deserve neither.
  3. Not enough time!! by dpete4552 · · Score: 2, Funny

    Hey, it's not Apache org's fault that the bug is around. If those damned security news sites wouldn't release the exploits so soon then it wouldn't be a problem. It's those irresponsible bastards that are the problem here. Sheesh, the nerve.

    --
    http://www.archive.org/details/ThePowerOfNightmares
  4. A bug in open source code? by Anonymous Coward · · Score: 2, Funny

    That's unpossible!

  5. Useless bug announcements-- My turn! by rocjoe71 · · Score: 3, Funny

    The Rocjoe Institute is reporting that under some conditions, Windows *may* crash...

    --
    Height: 38U, Weight: 0 Newtons, Eyes: #0000FF, OS: Gray Matter 1.0 (Alpha)
  6. Too good by selectspec · · Score: 3, Funny

    From the official announcement:

    Please note that the patch provided by ISS does not correct this vulnerability.

    Will upgrading to 32-bit color on my hard drive fix it or do I need to upgrade my monitor refresh rate to 512MB?

    --

    Someone you trust is one of us.