By Sandeep Junnarkar, 4 April 2003 11:28
NEWS The Apache Software Foundation has released a patch for its Apache 2.0 HTTP Server to thwart a "significant" denial-of-service vulnerability. Apache, which makes the popular open source web server application, released version 2.0.45 to fix a denial-of-service (DoS) problem. A DoS attack floods a network with data, rendering it inaccessible to legitimate queries. Version 2.0.45 is available from Apache's website. The vulnerability in version 2.0.44 affects all operating systems, according to the advisory. But Apache issued a specific warning for OS/2 users, noting that for them the new patch still had a DoS vulnerability. That outstanding issue will be fixed with the upcoming release of 2.0.46, but Apache said it was too important to delay the 2.0.45 patch. The foundation urged, "All Apache 2.0 users are encouraged to upgrade now." The foundation rushed the patch out perhaps to avert the kind of scenario that occurred last June, when a security firm released news of a flaw and gave Apache only a few hours to respond. The DoS vulnerability in version 2.0.44 was discovered by David Endler of security firm iDefense. Apache did not provide specific details about the issues, noting only that Endler would publish details on 8 April. Apache dominates the web server market with nearly 63 per cent market share, according to March statistics from consulting firm Netcraft. Microsoft trails well behind with 27.4 per cent, and Sun Microsystems has a paltry 1.1 per cent of the market. Sandeep Junnarkar writes for News.com
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below