N-Stalker - The Web Security Specialists

Web Security Intelligence Labs
About WSI Labs
Security Advisories
Latest Updates
Free Tools

Latest Security Advisories

Critical Vulnerability in Apache

The Apache Group has announced the release of version 2.0.52 and 1.3.33 of Apache HTTP Server. All users are urged to upgrade their servers due to security problems found in both versions.

Concerning the 2.0.x series, the fix will address the following security flaw:

Fix merging of the Satisfy directive, which was applied to the surrounding context and could allow access despite configured authentication.
[CAN-2004-0811 (cve.mitre.org)]

Concerning the 1.3.x series, the fix will address the following security flaw:

Fix potential buffer overflow with escaped characters in SSI tag string.
[CAN-2004-0940 (cve.mitre.org)]
Reject responses from a remote server if sent an invalid (negative) Content-Length.
[CAN-2004-0492 (cve.mitre.org)]

For more information, please, see the official announcement at:
http://www.apache.org/dist/httpd/Announcement.html.

Download the latest version at:
http://httpd.apache.org/download.cgi