Apache Week
   

Copyright 1996-2005
Red Hat, Inc.

First published: 16th November 2001

Apache Security

Apache Chunked encoding vulnerability
Requests to Apache 1.3 and Apache 2.0 can cause effects ranging from a relatively harmless increase in system resource usage, through denial of service, to remote exploitation in some cases (June 18th 2002).

Security flaw found in mod_ssl and Apache-SSL
A buffer overflow has been found in mod_ssl in all versions prior to 2.8.7-1.3.23 (February 23rd 2002).

Major vulnerabilities found in PHP
Major flaws have been found in the popular PHP scripting language commonly used with Apache web servers. These flaws have been found in the way PHP handles multipart/form-data POST requests. Each of these flaws could allow an attacker to execute arbitrary code on the remote system. All versions of PHP from 3.10 to 3.18 as well as 4.0.1 to 4.0.6 are vulnerable.

mod_rewrite canonicalisation
mod_rewrite is a powerful module for Apache used for rewriting URLs on the fly. However, with such power come associated risks; it is easy to make mistakes when configuring mod_rewrite, and those mistakes can turn into security issues.

How to check apache.org distributions
Using PGP or GPG, it is easy to check the validity of an Apache distribution you are downloading.

Code Red requests for /default.ida
Don't panic if you see requests for the default.ida file in your Apache access logs. These requests come from the Code Red worm, which is designed to seek out vulnerable IIS servers.
