04 Apr 2003 10:12
The Apache Software Foundation has released a patch for its Apache 2.0 HTTP Server to thwart a "significant" denial-of-service vulnerability.
Apache, which makes the popular open-source Web server application, released version 2.0.45 to fix a denial-of-service (DoS) problem. A DoS attack floods a network with data, rendering it inaccessible to legitimate queries. Version 2.0.45 is available from Apache's Web site.
The vulnerability in version 2.0.44 affects all operating systems, according to the advisory. But Apache issued a specific warning for OS/2 users, noting that for them the new patch still had a DoS vulnerability.
That outstanding issue will be fixed with the upcoming release of 2.0.46, but Apache said it was too important to delay the 2.0.45 patch.
The foundation urged, "All Apache 2.0 users are encouraged to upgrade now."
The foundation rushed the patch out perhaps to avert the kind of scenario that occurred last June, when a security firm released news of a flaw and gave Apache only a few hours to respond.
The DoS vulnerability in version 2.0.44 was discovered by David Endler of security firm iDefense. Apache did not provide specific details about the issues, noting only that Endler would publish details on 8 April.
Apache dominates the Web server market with nearly 63 percent market share, according to March statistics from consulting firm Netcraft. Microsoft trails well behind with 27.4 percent, and Sun Microsystems has a paltry 1.1 percent of the market.
Let the editors know what you think in the Mailroom.
Copyright © 1995-2008 CNET Networks, Inc. All rights reserved
ZDNET is a registered service mark of CNET Networks, Inc. ZDNET Logo is a service mark of CNET Networks, Inc.