Critical Vulnerability in Apache
The Apache Group has announced the release of versions 2.0.52 and 1.3.33 of Apache HTTP Server. All users are urged to upgrade their servers because of security problems found in both the 2.0.x and 1.3.x series.
- Concerning the 2.0.x series, the fix will address the following security flaw:
  - Fix merging of the Satisfy directive, which was applied to the surrounding context and could allow access despite configured authentication. [CAN-2004-0811 (cve.mitre.org)]
- Concerning the 1.3.x series, the fix will address the following security flaws:
  - Fix potential buffer overflow with escaped characters in SSI tag string. [CAN-2004-0940 (cve.mitre.org)]
  - Reject responses from a remote server if sent an invalid (negative) Content-Length. [CAN-2004-0492 (cve.mitre.org)]
For more information, please see the official announcement at:
http://www.apache.org/dist/httpd/Announcement.html
Download the latest version at:
http://httpd.apache.org/download.cgi