A new Apache version was announced today to address security vulnerabilities found in the previous version (2.0.48).

According to the Apache Foundation, the new version (2.0.49) will mainly fix the following vulnerabilities:

• Race Condition on Short-Lived Connections
  When using multiple listening sockets, a denial of service attack is possible on some platforms due to a race condition in the handling of short-lived connections. This issue is known to affect some versions of AIX, Solaris, and Tru64; it is known to not affect FreeBSD or Linux.
  [CAN-2004-0174]
• Arbitrary User-input log injection
  Arbitrary client-supplied strings can be written to the error log which can allow exploits of certain terminal emulators.
  [CAN-2003-0020]
• Denial-of-Service on mod_ssl
  A remotely triggered memory leak in mod_ssl can allow a denial of service attack due to excessive memory consumption.
  [CAN-2004-0113]

For further details, please, see the announcement. We urge our customers to upgrade their Apache version as soon as possible.

For more information on how N-Stealth can protect you, please, contact us at contact@nstalker.com.