[ISN] Apache exploit circulating, users urged to patch

From: InfoSec News (isnat_private)
Date: Fri Jun 21 2002 - 02:48:19 PDT


    By Sam Costello
    IDG News Service, 06/20/02
    If users have put off patching their Apache Web servers against the
    vulnerability discovered Monday, they should wait no longer, as an
    exploit to attack the security hole is now circulating on the
    Internet, according to Oliver Friedrichs, director of engineering at

    The exploit -- a tool which makes attacking a vulnerability easier --
    was posted to the Bugtraq security e-mail list on Wednesday,
    Friedrichs said.

    The existence of an exploit "makes the possibility of a worm that
    targets these (systems) more likely," he said.

    The vulnerability, announced Monday by Internet Security Systems Inc.
    and then expanded upon by the Apache Software Foundation, could allow
    an attacker to take control of an affected Web server. Because of a
    flaw in the way Apache handles request bodies sent with chunked
    transfer encoding (the method a client uses to upload data whose
    length it does not state up front), an attacker could send a
    specially formed request to the server and cause it to deny service to
    legitimate users or take the system over, both groups said.
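    The following is an added illustration of the bug class behind the
    flaw the article describes, not code from the article, from Apache,
    or from the exploit it mentions. It models what happens when the hex
    chunk-size line of a chunked request is parsed into a signed 32-bit
    integer: a large value reads as negative, passes a "no bigger than
    the buffer" check, and reaches memcpy() as an enormous unsigned
    length. The function names, the 8 KiB receive buffer and the 32-bit
    "long" are assumptions chosen to model a 32-bit server of the period;
    the vulnerable path only reports the decision it would make and never
    performs the overflowing copy. The hardened parser beside it keeps
    lengths unsigned, enforces strict hex syntax and clamps the copy.

```c
/*
 * Added illustration of the signed chunk-size bug class (not Apache's
 * code).  RECV_BUF, the function names and the 32-bit "long" model are
 * assumptions for the demonstration.
 */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define RECV_BUF 8192  /* assumed fixed-size receive buffer */

/* Wrap a 32-bit unsigned value into the signed "long" of a 32-bit host
 * without relying on implementation-defined conversion. */
static int32_t as_int32(uint32_t u)
{
    return (u <= (uint32_t)INT32_MAX) ? (int32_t)u
                                      : (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Modelled vulnerable path: the hex chunk-size line lands in a signed
 * 32-bit "remaining", then the usual min(remaining, bufsiz) is taken
 * before a memcpy().  Returns 1 if memcpy() would be handed a length
 * larger than the buffer, i.e. the overflow would occur. */
int vuln_would_overflow(const char *size_line)
{
    int32_t remaining = as_int32((uint32_t)strtoul(size_line, NULL, 16));
    /* A negative "remaining" is smaller than RECV_BUF, so it is chosen. */
    int32_t len_to_read = (remaining > RECV_BUF) ? RECV_BUF : remaining;
    size_t n = (size_t)len_to_read;   /* (size_t)-16 is about 4 GiB */
    return n > RECV_BUF;
}

/* Hardened path: unsigned arithmetic throughout, strict hex syntax (no
 * sign, no leading space, optional ";extension"), overflow rejected and
 * the amount to copy clamped to the buffer.  Returns the number of bytes
 * to read this round, or -1 if the chunk-size line is malformed. */
long safe_len_to_read(const char *size_line)
{
    if (!isxdigit((unsigned char)size_line[0]))
        return -1;                        /* rejects "-10", " 10", "" */
    char *end;
    errno = 0;
    unsigned long long v = strtoull(size_line, &end, 16);
    if (errno == ERANGE)
        return -1;                        /* more than 64 bits of size */
    if (*end != '\0' && *end != ';' && *end != '\r' && *end != '\n')
        return -1;                        /* junk after the hex digits */
    return (long)(v > RECV_BUF ? RECV_BUF : v);   /* unsigned min() is safe */
}

int main(void)
{
    /* Constructed chunk-size lines: two benign, two that flip the sign,
     * one with a sign character, one with a chunk extension. */
    const char *lines[] = { "1000", "2000", "FFFFFFF0", "80000000",
                            "-10", "1000;ext=1" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-12s vulnerable overflow=%d  hardened len=%ld\n",
               lines[i], vuln_would_overflow(lines[i]),
               safe_len_to_read(lines[i]));
    return 0;
}
```

    The lesson the example makes concrete is that a length must never
    travel through a signed type: once the parser is unsigned, the
    min() against the buffer size is all the protection the copy needs,
    and oversized chunks are simply read in buffer-sized pieces.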
    More than 60% of the Web servers on the Internet use Apache, according
    to data from Web server monitoring firm Netcraft.

    The CERT Coordination Center, a federally funded computer security
    body located at Pittsburgh's Carnegie Mellon University, and Internet
    Security Systems both updated their advisories on the vulnerability
    after the release of the exploit, urging users to patch their systems.

    Despite the presence of an exploit, SecurityFocus "(hasn't) seen
    increased attack activity" focused at Apache systems, Friedrichs said.
    SecurityFocus monitors the networks of over 9,000 companies in over
    145 countries for security data and then aggregates it to create a
    picture of global, regional and industry-specific Internet security.

    The dearth of attacks isn't surprising to Friedrichs, as there is
    usually a one- to two-week period between vulnerability announcements
    and attacks, he said.

    Though the exploit released Wednesday only attacks Apache
    installations running on the OpenBSD operating system, "it's not a
    monumental task... for someone to modify it (to work with other
    operating systems)," he said.

    Users should patch their systems immediately and check with their
    vendors for more information, Friedrichs said.

    "People... should be making the patching of their Apache servers a
    high priority," he said.

    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 05:09:50 PDT