Monday, 16. June 2008
New Version of the Apache HTTP Server Released With Vulnerability Fixes
The Apache HTTP Server project team has released version 2.2.9 of the Apache web server. The Apache HTTP Server is available as an open-source HTTP server for operating systems including UNIX, MS Windows, Macintosh and Netware. This version is mainly a bugfix release. The vulnerabilities addressed are:
· CVE-2008-2364 (cve.mitre.org) - mod_proxy_http: better handling of interim responses from the origin server, to prevent denial of service and high memory consumption.
· CVE-2007-6420 (cve.mitre.org) - mod_proxy_balancer: prevents CSRF attacks against the balancer-manager interface.
The legacy branches of the Apache HTTP Server are also available in new versions, 1.3.41 and 2.0.63. The Apache project nevertheless recommends migrating to Apache 2.2.
This release bundles version 1.3.0 of the Apache Portable Runtime (APR) with the tar and zip distributions. The APR libraries libapr and libaprutil (and, on Win32, libapriconv) should be upgraded to ensure binary compatibility; they also address many known platform bugs.
This version also extends the Apache 2.0 API. Modules written for Apache 2.0 must be recompiled to run with Apache 2.2 and may require only minor source code changes.
Related Links
HTTP Server 2.2.9