
security issue in Apache

Discussion in 'Windows Desktop e Surface' started by Andr0m3da, 22 June 2002. (Replies: 2; Views: 1084)

  1. Andr0m3da

    Andr0m3da Power Member

    According to a security bulletin released by The
    Apache Software Foundation (at
    http://httpd.apache.org/info/security_bulletin_20020617.txt), a vulnerability
    has been discovered in Apache, the most widely-used HTTP server on the
    Internet. The problem lies in a buffer overflow in the server that could
    allow a malicious user to run arbitrary code.

    When a user wants to send information to a web server, this server needs to
    reserve buffer space to store the transmitted data. If the length of the
    data is unknown, the browser and the server 'agree' to divide the
    information into segments of a given size. This is known as chunked

    The vulnerability stems from the fact that Apache can fail on establishing
    the parameters in the "chunked encoding" negotiation, which would enable an
    attacker to send more data than the buffer could handle. It is therefore
    possible to cause the web server to block or to remotely run random code.

    Until now, it has been possible to exploit the vulnerability in version
    1.3.24 for Windows (Win32) platforms, although other versions may also be
    affected. However, thanks to the fact that Apache is an Open Source project,
    corrections have already been supplied by third parties. In any event, The
    Apache Software Foundation has published versions 1.3.26 and 2.0.39, which
    solve the problem and can be downloaded from the official website at

    According to Netcraft statistics (http://www.netcraft.com/survey/) 63
    percent of web servers on the Internet use Apache, way ahead of any
    Microsoft, Zeus or iPlanet solutions. For this reason, this could be a
    critical Internet vulnerability.
  2. nagger

    nagger Power Member

    There are already tools to use this vulnerability, see here: http://www.theinquirer.net/21060212.htm

    For anyone running Apache, even on Win32, it is a good idea to upgrade to a newer version to plug the hole.
  3. possessed

    possessed Full Throttle BOINC Roller

    yeah, what I really want to see is how Apache 2.0 is going to turn out, it must be great
