Slashdot Mirror

← Back to Stories (view on slashdot.org)

Serious Apache Exploit Discovered

Posted by Soulskill on from the time-to-update dept.

bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.

1 of 160 comments (clear)

  1. Windows only by Albanach · · Score: 5, Informative

    This would have been useful in the summary. From the linked page:

    Platform. Microsoft Windows

    Details.
    The Apache HTTP Server, commonly referred to as Apache, is a
    popular open source web server software. mod_isapi is a core
    module of the Apache package that implements the Internet Server
    extension API. The extension allows Apache to serve Internet
    Server extensions (ISAPI .dll modules) for Microsoft Windows
    based hosts.

    While I'm sure it will impact many people, I'd still imagine the majority of Apache users are running it on a platform other than Windows