The Register® — Biting the hand that feeds IT

Apache urges update ahead of DoS risk alert

Do something now! We'll tell you why later

By John LeydenGet more from this author

Posted in Security, 7th April 2003 11:44 GMT

Free whitepaper – Total cost of ownership of Dell, HP and IBM blade solutions

The Apache Software Foundation has updated its popular Web server software to guard against a serious, as yet unspecified, denial of service risk.

Users of version 2.x of the Web server on all platforms are urged to upgrade to version 2.0.45. Sites running 1.x aren't affected.

Details of the problem, discovered by security outfit iDefense, are to be made available later today.

An advisory, published by BugTraq, is to be made available at this time. According to the limited information so far published, the flaw is yet to be exploited.

Information of the upgrade is available from the Apache Software Foundation here. Upgrading to 2.0.45 will fail to help the small number of users running Apache on OS/2.

Nonetheless the fix is deemed too important to wait resolution of the issue in these limited cases.

Version 2.0.45 is also designed to address a number of less bugs, as explained in greater detail here. ®

Related Stories

All bugs are created equal
Apache fixes scripting flaw
Slapper worm spanks Apache servers
Apache admins screwed by premature vuln report

Free whitepaper – Systems management simplified

Webcast: Jumpstart your Application Security initiatives