According to a security bulletin released by The Apache Software Foundation (at -http://httpd.apache.org/info/security_bulletin_20020617.txt vulnerability has been discovered in Apache, the most widely-used HTTP server on the Internet. The problem lies in a buffer overflow in the server that could allow a malicious user to run arbitrary code. When a user wants to send information to a web server, this server needs to reserve buffer space to store the transmitted data. If the length of the data is unknown, the browser and the server 'agree' to divide the information into segments of a given size. This is known as chunked encoding. The vulnerability stems from the fact that Apache can fail on establishing the parameters in the "chunked encoding" negotiation, which would enable an attacker to send more data than the buffer could handle. It is therefore possible to cause the web server to block or to remotely run random code. Until now, it has been possible to exploit the vulnerability in version 1.3.24 for Windows(Win32) platforms, although other versions may also be affected. However, thanks to the fact that Apache is an Open Source project, corrections have already been supplied by third parties. In any event, The Apache Software Foundation has published versions 1.3.26 and 2.0.39, which solve the problem and can be downloaded from the official website at http://httpd.apache.org/. According to Netcraft statistics (http://www.netcraft.com/survey/) 63 percent of web servers on the Internet use Apache, way ahead of any Microsoft, Zeus or iPlanet solutions. For this reason, this could be a critical Internet vulnerability.