Slashdot Mirror


Serious Apache Exploit Discovered

bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.

6 of 160 comments (clear)

  1. NO EXPLOIT HERE by Anonymous Coward · · Score: -1, Troll

    First post fuckers!

  2. Note: Apache ON WINDOWS by Rogerborg · · Score: -1, Troll

    Amazing; usually we're all about the M$ bashing.

    --
    If you were blocking sigs, you wouldn't have to read this.
  3. Its windows by suso · · Score: 1, Troll

    They only have a "sense of security" anyways.

  4. editor: Change the title, please by short · · Score: 0, Troll

    Do you chase web hits? Who cares about Windows, moreover together with Apache httpd?

  5. Just on Windows - Whew! by Anonymous Coward · · Score: -1, Troll

    I was worried, up until it said it was exclusive to Windows! I knew there was a good reason I got off of Windows...

  6. Re:Apache on Windows--More common than you think? by Anonymous Coward · · Score: -1, Troll

    Welcome to Earth! Your journey from the planet of linux fantasy must have been a long one. Please, regail us more of this mystical place where zealot sysadmins determine corporate policy and "internal apps" are written presumably were first written in, presumably, php for windows.

    no, seriously. I'd like to know exactly what sort of "company" you think actually your apocryphal scenario would actually apply to? if it was a company that did anything serious (like a small bank or insurnace company), you'd be out of a job in seconds unless your boss were a complete idiot. i'm guessing it's either some government back-office where a technology can get away with such incompetence and experimentation or a small software firm where the rest of the guys are savvy enough that it's ok with them. unless it's running a billion servers like amazon or google or whatever, i have yet to find a serious company for whom the relatively insignificant cost of the operating system on their matters two shits compared the very high costs of user training and retraining, administrator hiring and rehiring, and so forth.