Critical Vulnerability in Apache

By N-Stalker Team on November 2, 2004

The Apache Group has announced the release of version 2.0.52 and 1.3.33 of Apache HTTP Server. All users are urged to upgrade their servers due to security problems found in both versions.

  • Concerning the 2.0.x series, the fix will address the following security flaw:
    • Fix merging of the Satisfy directive, which was applied to the surrounding context and could allow access despite configured authentication.
      [CAN-2004-0811 (cve.mitre.org)]
  • Concerning the 1.3.x series, the fix will address the following security flaw:

For more information, please, see the official announcement at:
http://www.apache.org/dist/httpd/Announcement.html.

Download the latest version at:
http://httpd.apache.org/download.cgi

This entry was posted in Previous Security Advisories. Bookmark the permalink.