[ISN] DoS Holes Plugged in Apache HTTP Server
From: InfoSec News (isn c4i.org)
Date: Thu Jul 10 2003 - 02:22:19 CDT
Forwarded from: "eric wolbrom, CISSP" <eric shtech.net>
http://www.internetnews.com/dev-news/article.php/2232981
July 9, 2003
By Ryan Naraine
The Apache Software Foundation on Monday released a new version of its
open-source Web server project to plug four potentially serious
security holes.
The latest update to the Apache 2.0 HTTP Server (version 2.0.47) is
described as a security and bug fix release to plug holes that could
lead to denial-of-service attacks.
The Foundation warned that the SSLCipherSuite directive being used to
upgrade from a weak ciphersuite to a strong one could result in the
weak ciphersuite being used in place of the strong one. The previous
Apache HTTP Server version also contains a bug in the prefork MPM
where certain errors returned by accept() on rarely accessed ports
could cause a temporary DoS.
Another DoS security vulnerability, caused when the target host is IPv6,
was also patched. Apache explained that the FTP proxy server can't create
an IPv6 socket. The Apache Foundation also warned older versions of the
server would crash when going into an infinite loop because of too
many subsequent internal redirects and nested subrequests.
The Apache 2.0 HTTP Server project, which is developed and maintained
by volunteers, dominates the Web server market. At the end of June,
Netcraft statistics found the Apache server commanding a 67 percent
share (29 million sites) of the market, well ahead of competing
products from Microsoft and Sun Microsystems.
_______________________________________________________________________
eric wolbrom, CISSP Safe Harbor Technologies
President & CIO 66 Garlen Road
Voice 914.767.9090 Katonah, NY 10536
Fax 914.767.3911 http://www.shtech.net
_______________________________________________________________________