Apache bug prompts update advice - Security - News - ZDNet Australia

Apache bug prompts update advice

IT security company Sense of Security has discovered a serious bug in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database.

[Image: Apache website screenshot (Screenshot by Colin Ho/ZDNet.com.au)]

Discovered by the company's security consultant Brett Gervasoni, the vulnerability lies in Apache's core "mod_isapi" module, the Windows-only component that loads ISAPI extensions. By exploiting the module, an attacker could remotely gain system privileges on the host and so compromise the data it holds.

Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the vulnerability.

According to Sense of Security spokesperson Jason Edelstein, Apache is one of the most popular pieces of web server software used today and the vulnerability was one of the most significant bugs in Apache for years.

"The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows," Edelstein told ZDNet.com.au. "An attacker could gain access to, modify and take away data."

Edelstein advised users running Apache on Windows platforms to upgrade immediately, as they have no way of knowing whether their web servers have already been compromised. The company has published a security advisory describing the issue.
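A quick local triage check for the advice above, as an added example that is not from ZDNet, Sense of Security or the Apache project: it parses the output of `httpd -v` and `httpd -M` (sample output constructed inline) and flags an instance only when it is a Windows build older than 2.2.15 that actually loads mod_isapi.

```python
"""Triage check for the mod_isapi issue: Windows build, version below the
fixed 2.2.15, and isapi_module loaded.  Added example; the sample command
output below is constructed, not captured from a real server."""
import re

FIXED_VERSION = (2, 2, 15)  # release the article says resolves the bug


def parse_version(httpd_v_output):
    """Return ((major, minor, patch), is_windows) from `httpd -v` text."""
    m = re.search(r"Server version:\s*Apache/(\d+)\.(\d+)\.(\d+)\s*\(([^)]*)\)",
                  httpd_v_output)
    if not m:
        raise ValueError("could not find an Apache 'Server version:' line")
    version = tuple(int(x) for x in m.group(1, 2, 3))
    is_windows = "win" in m.group(4).lower()   # e.g. "(Win32)" vs "(Unix)"
    return version, is_windows


def loaded_modules(httpd_m_output):
    """Return the set of module names listed by `httpd -M`."""
    return set(re.findall(r"^\s*(\w+_module)\s+\((?:static|shared)\)",
                          httpd_m_output, re.M))


def is_affected(httpd_v_output, httpd_m_output):
    """True only if all three conditions hold.  Tuples are compared
    numerically, avoiding the string trap where "2.2.9" > "2.2.14"."""
    version, is_windows = parse_version(httpd_v_output)
    return (is_windows
            and version < FIXED_VERSION
            and "isapi_module" in loaded_modules(httpd_m_output))


# Constructed sample output for the three cases a defender will meet.
VULNERABLE_V = "Server version: Apache/2.2.14 (Win32)\nServer built:   Sep 28 2009\n"
PATCHED_V = "Server version: Apache/2.2.15 (Win32)\nServer built:   Mar 1 2010\n"
UNIX_V = "Server version: Apache/2.2.9 (Unix)\n"
MODS_WITH_ISAPI = ("Loaded Modules:\n core_module (static)\n"
                   " win32_module (static)\n isapi_module (shared)\n")
MODS_WITHOUT_ISAPI = "Loaded Modules:\n core_module (static)\n win32_module (static)\n"

if __name__ == "__main__":
    for label, v, m in [("win 2.2.14 + isapi", VULNERABLE_V, MODS_WITH_ISAPI),
                        ("win 2.2.15 + isapi", PATCHED_V, MODS_WITH_ISAPI),
                        ("win 2.2.14, no isapi", VULNERABLE_V, MODS_WITHOUT_ISAPI),
                        ("unix 2.2.9 + isapi", UNIX_V, MODS_WITH_ISAPI)]:
        print(f"{label}: {'AFFECTED' if is_affected(v, m) else 'not affected'}")
```

Run it on the real output of `httpd -v` and `httpd -M` from each Windows host; an upgrade to 2.2.15 or removal of the `LoadModule isapi_module` line both clear the check.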

"Whilst in the past it was more overt and attackers would deface website pages, they're more likely now to conceal their access to maintain their foothold," said Edelstein, giving as examples attackers exploiting the vulnerability to plant hidden code that captures credit card details from online transactions, or to install rootkits on compromised websites.

"The latest version is not vulnerable," said Edelstein.

He added that an attacker would need a high degree of technical know-how to successfully exploit the vulnerability.

"You'd need to write a piece of code, a high level piece of code, which is quite difficult to create, and find a condition in the web server," said Edelstein.

"A proof of concept remote exploit has been written by Sense of Security, and it is feasible that others could write a similar exploit to completely compromise a Windows system," said Brett Gervasoni.
