| | site-map | e-mail

User:

Guest

Name: Password:

www.center.hu / Archive / Security news / january, 2004 / Problems in Apache modules 

Problems in Apache modules

Problems in Apache modules

SecurityTracker has reported vulnerabilities in the mod_perl and mod_python modules in Apache, which can be used to run scripts on the Apache server.

The security flaw that affects mod_perl could allow a user to take over the Apache http and https services. This situation is made worse, as an exploit (*) that demonstrates the vulnerability is available.

The vulnerability in the mod_python module allows an attacker to cause the web server to crash by constructing a specific query. In order to resolve this vulnerability, users are recommended to install version 2.7.10 of this module, which is available at:
http://httpd.apache.org/modules/python-download.cgi

More information at:

- http://www.securitytracker.com/alerts/2004/Jan/1008822.html

- http://www.securitytracker.com/alerts/2004/Jan/1008828.html

(*) Exploit: This can be a technique or a program that takes advantage of a vulnerability or security hole in a certain communication protocol, operating system, or other IT utility or application.

 

Oxygen3 24h-365d, by Panda Software
© Panda Software 2004

 

2004-01-24 11:56

Back