Apache to patch DoS vulnerability "within 96 hours"
By Chris Taylor
26/08/2011
The Apache web server team has promised that a security flaw that could lead to a denial-of-service (DoS) attack will be fixed within the next few days.
An eWeekEurope.co.uk report confirms that Apache is the most widely-used web server software in the world, accounting for 65 per cent of all such software currently in use, which means that a fix is desperately needed.
A DoS attack is an attempt to make a computer resource unavailable to its intended users. Such an attack could leave a website temporarily down, for example, as seen in attacks such as those made against the Sony corporation earlier this year.
Describing the risk in full, DarkReading.com cites an Apache statement which reads: "By sending specially crafted HTTP requests which include malformed range HTTP header, an attacker can disrupt the normal function of the web server, thus disallowing legitimate users to receive responses from the web server.
"This issue affects all Apache software versions and a patch has not been released yet," it confirmed.
In light of the discovery of the vulnerability, Apache recommends that administrators investigate their systems and take steps to protect their web servers until the patch is available. Patch management software should then be used to update systems after its release.
IT administrators running Mac-based servers will have to wait until Apple releases its own patch, as Apple's operating systems are maintained wholly by the company itself and not by Apache.