Apache HTTP server 2.2.15

Apache has released HTTP Server version 2.2.15, which addresses a number of security exposures in prior versions of the HTTP server. Of particular note is the update of the OpenSSL library to 0.9.8m, which addresses the renegotiation issues outlined in CVE-2009-3555. At the time of writing, the links to the complete changelog and downloads for 2.2.15 were not visible on the Apache Web site; however, we urge users to apply this latest vendor update as soon as possible.
http://mail-archives.apache.org/mod_mbox/www-announce/201003.mbox/%3C4B92BC77.8050401@apache.org%3E
http://httpd.apache.org/download.cgi

Proof of concept code exploiting a vulnerability (CVE-2010-0425) in mod_isapi in the Apache HTTP server version 2.2.14 was published to a well known Web site. Notes in the code state that the exploit may need to be run several times to successfully spawn a shell; however, a success rate of 70% is reported. Also mentioned in the code is that, if DEP is enabled (Windows platforms) for the Apache process, the result may be a denial of service condition. As CVE-2010-0425 is one of those noted as addressed in the above 2.2.15 release, we again suggest updating as soon as possible.
http://www.exploit-db.com/exploits/11650
http://securityreason.com/wlb_show/WLB-2010030028
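
To help prioritise the update across your own servers, the following added example (not part of the original post or of any Apache tooling) triages recorded `Server` banner strings against the two fixed versions named above. The function names and the sample banners are constructed for illustration, and it assumes the banner is not suppressed and that the vendor has not backported fixes without changing the version string.

```python
import re

# Fixed versions as stated in the post: httpd 2.2.15, bundled OpenSSL 0.9.8m.
FIXED_HTTPD = (2, 2, 15)
FIXED_OPENSSL = ((0, 9, 8), "m")  # letter suffix sorts alphabetically: l < m

def parse_banner(banner):
    """Pull httpd version, platform tag and OpenSSL version out of a Server banner."""
    httpd = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    platform = re.search(r"Apache/\S+ \(([^)]+)\)", banner)
    ossl = re.search(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)", banner)
    return {
        "httpd": tuple(int(x) for x in httpd.groups()) if httpd else None,
        "platform": platform.group(1) if platform else None,
        "openssl": ((int(ossl[1]), int(ossl[2]), int(ossl[3])), ossl[4]) if ossl else None,
    }

def findings(banner):
    """Return a list of follow-up items for one banner (empty list = nothing flagged)."""
    info = parse_banner(banner)
    if info["httpd"] is None:
        return ["version hidden: check the installed package instead"]
    out = []
    # Only the 2.2 branch is judged, since that is the branch the post covers.
    if info["httpd"][:2] == (2, 2) and info["httpd"] < FIXED_HTTPD:
        out.append("httpd older than 2.2.15")
        # mod_isapi only exists on Windows builds of httpd.
        if info["platform"] and info["platform"].lower().startswith("win"):
            out.append("Windows build: check whether mod_isapi is loaded (CVE-2010-0425)")
    if info["openssl"] and info["openssl"] < FIXED_OPENSSL:
        out.append("OpenSSL older than 0.9.8m (CVE-2009-3555)")
    return out

# Constructed sample banners, not taken from any real host.
SAMPLES = [
    "Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8l",
    "Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m",
    "Apache/2.2.14 (Unix)",
    "Apache",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(banner, "->", findings(banner) or "nothing flagged")
```

An empty result only means the banner reports the fixed versions; confirm against the installed packages and the loaded module list before closing the item.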



Posted on March 9, 2010 at 3:14 PM by root · Permalink
In: Security
