Exploit Code Released for Apache Flaw
The exploit code is for version 1.3.x of the Apache HTTP server and only works on machines running OpenBSD.Just two days after several advisories warned of a serious vulnerability in the popular Apache Web server, a file containing exploit code for the flaw was posted Wednesday to several mailing lists and security sites. The message was posted Wednesday afternoon by a member of the volunteer security team known as Gobbles Security. The message was sent to the Bugtraq and Vuln-Dev security mailing lists as well as to the Packetstorm site, which archives exploits.
The exploit code is for version 1.3.x of the Apache HTTP server and only works on machines running OpenBSD, according to the Gobbles message. In the e-mail, the author takes a shot at big security vendors, saying that the exploit code "was written for the community, and not just a few companies with deep pockets full of the big dollar."