Apache Fixes Flaw in Web Server | eWeek

Apache Fixes Flaw in Web Server

Verfasst von
Dennis Fisher
Dennis Fisher
Oct 4, 2002
1 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

A new vulnerability in the Apache Web server gives local users the ability to terminate processes or launch denial-of-service attacks against the server.

The Apache Software Foundation has released an updated version of the affected server. The new release, 1.3.27, fixes the problem.

The vulnerability is in the shared memory scoreboard, which is stored in a shared memory segment owned by the Apache server. Any user who can obtain execution permissions under the Apache UID can send signals to any process as root, and in most cases, terminate the process, according to a bulletin published Thursday by iDefense Inc., a Chantilly, Va., security company.

Also, an attacker with the proper permissions could cause a denial-of-service condition on the Apache server.

IDefense said that is has been able to terminate arbitrary processes with this exploit, including some that terminated other users sessions.

The Apache 1.3.27 release also includes a fix for a cross-site scripting vulnerability present in the default error page for Apache 1.3x up to 1.3.26. When UseCanonicalName is off and support for wildcard DNS is present, the flaw allows remote attackers to execute script as other web page visitors via the Host: header.

The flaw also affects Apache 2.0 before 2.0.43.

The new versions of the Apache server are available at the Apache Web site.

Related Stories:

  • Bugbear Virus Still Running Wild
  • More Security Coverage
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.