Serious Apache Exploit Discovered

bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.

Windows only

[Albanach]

This would have been useful in the summary. From the linked page:

Platform. Microsoft Windows

Details.
The Apache HTTP Server, commonly referred to as Apache, is a
popular open source web server software. mod_isapi is a core
module of the Apache package that implements the Internet Server
extension API. The extension allows Apache to serve Internet
Server extensions (ISAPI .dll modules) for Microsoft Windows
based hosts.

While I'm sure it will impact many people, I'd still imagine the majority of Apache users are running it on a platform other than Windows

It's unanimous!

[ipquickly]

7 out of the first 8 posts agree that this is Windows only.

Re:Note: Apache ON WINDOWS

[jedidiah]

> The same bug in a module that ran on Linux would result in a remote root exploit.

Really?

      ps -aef | grep apach

      root 3029 1 0 08:10 ? 00:00:00 /usr/sbin/apache2 -k start
      www-data 3072 3029 0 08:10 ? 00:00:00 /usr/sbin/apache2 -k start
      www-data 3073 3029 0 08:10 ? 00:00:00 /usr/sbin/apache2 -k start

Gain Complete Control

[ArundelCastle]

I would really like to make a shirt that says: "This T-shirt has a serious exploit that allows a remote attacker to gain complete control."
It should be printed around the bottom hem for maximum effect.
Could also work on tighty whiteys.

I said I'd like to make it, not wear it. :-)