Security Holes Uncovered in Apache, OpenSSLBy Larry Seltzer | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
Recently uncovered vulnerabilities in OpenSSL and Apache create the potential for attackers to tie up Web services, crash OpenSSL applications.Security researchers on Friday uncovered a vulnerability in the open-source Apache Web server software that could easily enable a denial of services attack. The discovery follows on the heels of three holes found in the popular OpenSSL security software Wednesday.
The Apache problem is one of several reported in Version 2.0.48, and lets an attacker open a short-lived connection on a particular, rarely accessed listening socket. The software will block out all other connections until another connection comes in on the same socket. Reports differed on exactly which platforms and versions were affected by this problem, but not all are affected.
On Friday, The Apache Software Foundation announced an update to its HTTP Server software that fixed the problem as well as several others. Version 2.0.49 is available for download from the Apache HTTP Server Project Web site.