Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Hi , One of my friends sent this info ... can some one comment on this ? cheers Andy ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ALERT - APACHE WEB VULNERABILITY Free Vulnerability Scanning Utility Now Available Two days ago a vulnerability that affects Apache web server software was announced. The vulnerability is a remote buffer overflow in the section of code that handles chunked-encoding requests. It is possible for attackers to manipulate this vulnerability to execute code against any vulnerable versions of Apache. This includes the Unix and Windows versions. It should also be noted that since the Apache vulnerability was released, exploit programs that take advantage of the vulnerability have been distributed to the Internet. This makes the chances of attack, and even the possibility a large scale attack such as a worm, much greater. Due to the fact that Apache is the most deployed web server software on the Internet, detecting and patching this vulnerability is critical for many administrators. eEye has created a free tool that IT administrators can use to scan their networks for vulnerable Apache servers. The tool also provides a link to information on how to correctly patch vulnerable servers. To learn more about the free scanning tool visit: http://www.eeye.com/html/Research/Tools/apachechunked.html Note: A recent update to eEye's Retina Network Security Scanner included an audit for this particular Apache vulnerability. Retina users should be sure to run an "Auto-Update" to obtain this and other new vulnerability checks.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |