Remote Apache Vulnerability Announced
A remote vulnerability has been discovered in the Apache HTTP server, versions up to 1.3.24 and 2.0 through 2.0.36 for both Windows and *nix. The hole is in routines which deal with invalid requests encoded using chunked encoding, which is enabled by default. A maliciously crafted request could lead to denial of service or possibly a remote exploit. Apache’s official advisory has more information, and keep an eye on their source distribution page for a patch.
This entry was posted in Previous Security Advisories. Bookmark the permalink.