Apache Fixes Flaw in Web Server | eWeek

Apache Fixes Flaw in Web Server

Écrit par
Dennis Fisher
Dennis Fisher
Oct 4, 2002
1 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A new vulnerability in the Apache Web server gives local users the ability to terminate processes or launch denial-of-service attacks against the server.

The Apache Software Foundation has released an updated version of the affected server. The new release, 1.3.27, fixes the problem.

The vulnerability is in the shared memory scoreboard, which is stored in a shared memory segment owned by the Apache server. Any user who can obtain execution permissions under the Apache UID can send signals to any process as root, and in most cases, terminate the process, according to a bulletin published Thursday by iDefense Inc., a Chantilly, Va., security company.

Also, an attacker with the proper permissions could cause a denial-of-service condition on the Apache server.

IDefense said that is has been able to terminate arbitrary processes with this exploit, including some that terminated other users sessions.

The Apache 1.3.27 release also includes a fix for a cross-site scripting vulnerability present in the default error page for Apache 1.3x up to 1.3.26. When UseCanonicalName is off and support for wildcard DNS is present, the flaw allows remote attackers to execute script as other web page visitors via the Host: header.

The flaw also affects Apache 2.0 before 2.0.43.

The new versions of the Apache server are available at the Apache Web site.

Related Stories:

  • Bugbear Virus Still Running Wild
  • More Security Coverage
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.