Slashdot Mirror

← Back to Stories (view on slashdot.org)

Serious Apache Exploit Discovered

Posted by Soulskill on from the time-to-update dept.

bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.

8 of 160 comments (clear)

  1. It's unanimous! by ipquickly · · Score: 5, Funny

    7 out of the first 8 posts agree that this is Windows only.

    1. Re:It's unanimous! by rvw · · Score: 4, Funny

      7 out of the first 8 posts agree that this is Windows only.

      You must be using Windows Calculator!

  2. Update to 2.2.15 by blai · · Score: 2, Funny

    But I don't want to restart my Windows :\

    --
    In soviet Russia, God creates you!
  3. You bastards gave me a heart attack! by SlappyBastard · · Score: 4, Funny

    I had to read the article to see it was Windows only . . . whew.

    --
    I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
  4. Gain Complete Control by ArundelCastle · · Score: 5, Funny

    I would really like to make a shirt that says: "This T-shirt has a serious exploit that allows a remote attacker to gain complete control."
    It should be printed around the bottom hem for maximum effect.
    Could also work on tighty whiteys.

    I said I'd like to make it, not wear it. :-)

  5. Whose fault...? by argent · · Score: 2, Funny

    I don't know whose fault it is but the idea of running ISS plugins under Apache on Windows scares me. Whose fault is it when you run naked through the "hot" ward snogging the e-bola patients? It's ironic that you end up getting sick because the pretty nurse you kissed had mono, but ... good lord, people...

  6. Thanks, jackass. by CAIMLAS · · Score: 2, Funny

    Thanks, jackass. Just what I wanted on a Monday morning: to update a half dozen Internet-facing source-based systems. Of course, it was a false alarm: submitter was too much of a toolbag to mention it was Windows-only.

    (And, it being a Monday morning, I didn't initially notice the mention of mod_isapi. Of course.)

    --
    ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  7. Re:Note: Apache ON WINDOWS by 1s44c · · Score: 2, Funny

    Muddling terms is how you end up with nonsense like not being able to tell programs from data.

    But windows admins can't tell data from programs. They put both under c:\program files