Serious Apache Exploit Discovered

bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.

Re:Note: Apache ON WINDOWS

[mcgrew]

Discussing exploits isn't "bashing".

However, in regards to MS (and we're close to being offtopic here) when was the last time you heard about an Apache vuln? Apache is relatively solid.

My problems with MS, however, are philosophical. MS seems to revel in giving the finger to standards, from the backslash to everything else. They brag about useability testing, but it almost seems like they take a group of children and mentally handicapped adults and flipping the bird to everyone else. E.g., I bought a netbook last week and tried to get on the internet with it at my favorite bar; the bar's router had something wrong with it and Windows couldn't find the DNS server. There seemed to be no way to tell Windows networking what the server address was. Meanwhile, a woman with an iPhone had no trouble using the wifi there. With earlier versions of Windows I had no trouble specifying a DNS server, and the help system is no help at all.

If I decide to run a server, it will be Apache on Linux.

I think it's funny that Apache got its neame from the earlier releases, it was a patchy server. Lots fewer patches these days!