New Apache version closes holes
The Apache Foundation has released versions 2.0.61 and 2.2.6 of its HTTP server. The updates not only include numerous bug fixes, but also eliminate five security issues. Attackers can no longer crash the mod_proxy and mod_cache modules with crafted requests or inspect the headers of prior connections using a flaw in mod_mem_cache. In addition, a cross-site scripting vulnerability in the mod_status module has been fixed. On top of that, a DoS vulnerability in the Prefork MPM module has been eliminated. The manufacturer encourages all users to upgrade to the new version.
- Apache HTTP Server 2.2.6 Released, announcement by the Apache Foundation
- Apache HTTP Server 2.0.61 Released, Announcement by the Apache Foundation
(mba)