Apache has released its new version
By Gina on October 21, 2010 | Vulnerabilities, Apache, Three vulnerabilities, hackers, flaw, new version, Apache HTTP Server Project
The Apache HTTP Server Project announced that it has released Apache HTTP Server version 2.2.17. The new version was released to fix three serious vulnerabilities: expat DoS CVE-2009-3720, expat DoS CVE-2009-3560, and apr_brigade_split_line DoS CVE-2010-1623.
expat DoS CVE-2009-3720, expat DoS CVE-2009-3560
Both buffer over-read vulnerabilities were found in the bundled expat library. An attacker who is able to force Apache software to parse untrusted XML documents can use these flaws to cause a system crash.
apr_brigade_split_line DoS CVE-2010-1623
The third flaw was found in one of the functions of the bundled APR-util library, which is used to process non-SSL requests. An attacker who chooses to exploit this flaw can cause a denial of service by controlling the timing of the individual bytes in their requests, which slowly consumes memory.