Slashdot Mirror

← Back to Stories (view on slashdot.org)

Serious Apache Exploit Discovered

Posted by Soulskill on from the time-to-update dept.

bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.

1 of 160 comments (clear)

  1. Always worried about reporting. by dannydawg5 · · Score: 3, Interesting

    At a place I used to work, one of my coworkers reported a simple potential security problem: the username for the admin account on all our machines is the same as the computer's name. This just eliminates one less thing for a hacker to figure out. He was accused of "snooping", whatever that means, and almost lost his job. The only thing that saved him is a higher-up with a brain.

    Whenever I hear a story about a person\firm reporting security risks, I am reminded of the story of my coworker, and I have heard too many similiar stories. It has trained to me keep my mouth shut about these problems.