SECUR> Security Apache Rushes to Fix Serious DoS Hole
- From: Gleason Sackmann <gleason@xxxxxxxxxxxxxxx>
- To: NetHappenings <nethappenings@xxxxxxxxxxxxx>
- Date: Fri, 4 Apr 2003 08:53:37 -0600
**************************************************************
Net Happenings - From Educational CyberPlayGround
**************************************************************
Apache Rushes to Fix Serious DoS Hole
The Apache Software Foundation has released a patch for a denial-of-service
vulnerability discovered by cybersecurity firm iDefense. The 2.0.45 release
also eliminates leaks of file descriptors to child processes, which would
constitute a security threat on servers running untrusted CGIs. Details of
the flaw will not be release until April 8, 2003. This follows an
embarrassing incident in June 2002, when ISS published an exploit before
notifying Apache or allowing time for Apache to develop a patch. Apache
urges its users to upgrade immediately, before the details are released on
April 8.
http://www.internetnews.com/dev-news/article.php/2174351
**************************************************************
The Net Happenings mailing list is a service of
Educational CyberPlayGround - http://www.edu-cyberpg.com/
**************************************************************
If you have any questions, concerns, suggestions, or
would like to sponsor the Net Happenings service -
<http://www.edu-cyberpg.com/Community/Subguidelines.html>
Subscribe | Unsubscribe | Change Email Preferences -
<http://www.edu-cyberpg.com/Community/NetHappenings.html>
**************************************************************
Other related posts:
- » SECUR> Security Apache Rushes to Fix Serious DoS Hole