
BLU Discuss list archive



apache web VULNERABILITY



Hi,
    One of my friends sent this info ... can someone comment on this?

cheers
Andy

----------------------------------------------------------------------------
ALERT - APACHE WEB VULNERABILITY

Free Vulnerability Scanning Utility Now Available

Two days ago a vulnerability that affects Apache web server software was
announced. The vulnerability is a remote buffer overflow in the section of
code that handles chunked-encoding requests. It is possible for attackers to
manipulate this vulnerability to execute code against any vulnerable
versions of Apache. This includes the Unix and Windows versions.

It should also be noted that since the Apache vulnerability was released,
exploit programs that take advantage of the vulnerability have been
distributed to the Internet. This makes the chances of attack, and even the
possibility of a large-scale attack such as a worm, much greater.

Due to the fact that Apache is the most deployed web server software on the
Internet, detecting and patching this vulnerability is critical for many
administrators. eEye has created a free tool that IT administrators can use
to scan their networks for vulnerable Apache servers. The tool also provides
a link to information on how to correctly patch vulnerable servers.

To learn more about the free scanning tool visit:
http://www.eeye.com/html/Research/Tools/apachechunked.html

Note: A recent update to eEye's Retina Network Security Scanner included an
audit for this particular Apache vulnerability. Retina users should be sure
to run an "Auto-Update" to obtain this and other new vulnerability checks.






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
