Feeds

Critical bug does a Custer on Apache for Windows

Old warrior clobbered

Boost IT visibility and business value

Older versions of the Windows flavour of Apache's web server software are vulnerable to a critical code injection flaw as well as a pair of lesser security bugs.

The most dire of three security bugs in a core component of version 2.2.14 of Apache, and possibly earlier releases of the software, creates a mechanism for hackers to execute arbitrary code on vulnerable systems, Australian firm Sense of Security warns.

The vulnerability stems from a bug in mod_isapi - a core module that implements the Internet Server extension API - and can be fixed by upgrading to the latest 2.2.15 version of Apache for Windows.

Sense of Security has published benign proof of concept code and a video designed to illustrate the risk posed by not upgrading. As well as the obvious defacement risk posed by the vulnerability, the security bug creates a means for hackers to seize control of vulnerable servers to extract data or plant malware.

An advisory by Secunia explains that the same Apache update fixes two lesser and unrelated flaws that pose denial of service and information disclosure risks, as explained here. ®

Build a business case: developing custom apps

More from The Register

next story
KDE releases ice-cream coloured Plasma 5 just in time for summer
Melty but refreshing - popular rival to Mint's Cinnamon's still a work in progress
Leaked Windows Phone 8.1 Update specs tease details of Nokia's next mobes
New screen sizes, dual SIMs, voice over LTE, and more
PEAK LANDFILL: Why tablet gloom is good news for Windows users
Sinofsky's hybrid strategy looks dafter than ever
Fiendishly complex password app extension ships for iOS 8
Just slip it in, won't hurt a bit, 1Password makers urge devs
Mozilla keeps its Beard, hopes anti-gay marriage troubles are now over
Plenty on new CEO's todo list – starting with Firefox's slipping grasp
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
Another day, another Firefox: Version 31 is upon us ALREADY
Web devs, Mozilla really wants you to like this one
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.