Slashdot Mirror

← Back to Stories (view on slashdot.org)

Serious Apache Exploit Discovered

Posted by Soulskill on from the time-to-update dept.

bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.

2 of 160 comments (clear)

  1. Re:Note: Apache ON WINDOWS by jedidiah · · Score: 5, Insightful

    > The same bug in a module that ran on Linux would result in a remote root exploit.

    Really?

          ps -aef | grep apach

          root 3029 1 0 08:10 ? 00:00:00 /usr/sbin/apache2 -k start
          www-data 3072 3029 0 08:10 ? 00:00:00 /usr/sbin/apache2 -k start
          www-data 3073 3029 0 08:10 ? 00:00:00 /usr/sbin/apache2 -k start

    --
    A Pirate and a Puritan look the same on a balance sheet.
  2. Re:Note: Apache ON WINDOWS by jedidiah · · Score: 4, Insightful

    It doesn't matter if "its just as bad". It isn't a "root exploit". It's highly inaccurate to call it one.

    Muddling terms is how you end up with nonsense like not being able to tell programs from data.

    Distinctions are important for just this reason.

    Yes it still sucks.

    --
    A Pirate and a Puritan look the same on a balance sheet.