Windows Apache security bug revealed

Serious hole, easy fix

Thu 15 Aug 2002 // 02:11 UTC

Default installations of Apache on Windows are susceptible to a bug discovered by Italian researcher Luigi Auriemma, Apache.org reports.

According to a PivX advisory, non-Unix platforms like Windows OS2 and Netware are vulnerable, but Unix versions are not.

Details are sketchy to discourage immediate exploitation, but the organization says it will post additional details 'in the coming weeks'.

Meanwhile, the fix is simple. Add the following line to the httpd.conf file before the first 'Alias' or 'Redirect' directive:
RedirectMatch 400 "\\\.\."

The fix is included in version 2.0.40, along with fixes for "two minor path-revealing exposures," Apache says. Apache fixed the binaries within 24 hours of initial notification, PivX notes. ®

More about

TIP US OFF

Send us news

Topics

Special Features

Vendor Voice

Resources

Software

Windows Apache security bug revealed

Serious hole, easy fix

More about

TIP US OFF

Other stories you might like

OpenAI launches Asian operations in Tokyo to avoid being lost in translation

Konica Minolta and Fujifilm ponder JV to cut costs of printer businesses

Los Alamos Lab powers up Nvidia-laden Venado supercomputer

Industrial systems integrating digitalisation

CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

What's up with AI lately? Let's start with soaring costs, public anger, regulations...

Senator Warren slams Intuit's 'junk fees' as America's Tax Day rolls around again

Samsung snags $6.4B in CHIPS Act funds for Texas fabs

US lawmakers rage over Intel Meteor Lake-powered Huawei PC

Japan turns up heat on Apple, Google with threat of hefty fines

Tesla decimates staff amid ongoing performance woe

Backblaze cloud storage buzzes with added Event Notifications

About Us

Our Websites

Your Privacy