In association with heise online

25 November 2011, 12:03

Apache patch patches poorly

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apache Feather According to a report from security specialist Prutha Parikh, a security vulnerability in the Apache web server that was patched in early October can still be exploited by remote attackers to access internal servers. The vulnerability is in the mod_proxy and mod_rewrite modules and arises when parsing rewrite rules.

Parikh discovered a scenario which is not dealt with by the patch and reported the problem to the Apache Foundation under a new CVE number (CVE-2011-3368). A patch is already being discussed on the Apache mailing list. Parikh describes an effective workaround in a post on the Qualys Security Labs blog.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit