CERT has issued advisory CA-2002-17 covering the remote DoS and code execution security hole in Apache web servers, which run 56% of the Internet’s web sites according to the latest Netcraft survey. Numerous reactions to the vulnerability, particularly the way ISS disclosed it before notifying the Apache organization, have been sprouting up all over the news and security mailing lists today. The Register has commentary on how Apache was screwed by ISS’ timing and incorrect patch suggestion. Wired is also running an article summarizing the issue, and you can check out David Litchfield’s response to the disclosure on BugTraq.