June 17, 2002

Two security alerts point to Apache Web Server flaws

"Two security alerts about new vulnerabilities affecting the popular open-source Apache Web Server have been posted by two groups today... The nonprofit Apache HTTP Server Project group has issued a bulletin about a vulnerability that can allow distributed denial-of-service attacks in Apache Versions 1.3, including 1.3.24, and Apache 2, including all versions up to 2.0.36... In a separate posting, Atlanta-based security vendor ISS reported the discovery of an Apache vulnerability that contains a flawed mechanism meant to calculate the size of 'chunked' encoding for Windows 32-bit users."


  • Security
Click Here!