Apache 2.2.14 Security Fixes

By Sean Michael Kerner
Posted Oct 6, 2009

The Apache Software Foundation this week updated its popular open source Apache HTTP server.

The Apache Software Foundation Monday released a new update to its Apache HTTP server.

Apache HTTP Server 2.2.14 fixes three security vulnerabilities that could potentially have left users at risk, albeit a small one.

One of the fixes is for a NULL pointer dereference in the mod_proxy_ftp module. The flaw potentially could have enabled an attacker to trigger a denial of service (DoS) attack via an Apache-powered FTP server. NULL pointer errors are common in software development. According to a recent Coverity study, NULL pointer errors have remained the most common type of coding error in open source software over the past three years.

There is also a security fix specific to the Solaris build of Apache, fixing a flaw that could cause the server to reset.

Apache included numerous other (non-security) bug fixes, making Apache 2.2.14 more stable.

As part of the update, Apache is not currently updating its older Apache 2.0.x and Apache 1.3.x web servers. The last releases for those legacy web servers came in January of 2008.

See the complete list of changes here.


Article courtesy of InternetNews.com
