The update of the Apache HTTP Server (httpd) to version 2.2.18 earlier this month to close a denial of service (DoS) problem appears to have exposed a related DoS vulnerability. The developers have nowreleased httpd 2.2.19 to fix this new problem which has been rated as moderately critical; however, as with the previous DoS vulnerability, it requires that mod_autoindex is enabled in the web server.
It appears that the updated Apache Portable Runtime (APR) 1.4.4 – which was bundled with the server to correct the denial of service vulnerability – could cause httpd workers to enter a 100% CPU utilising hung state when calling
apr_fnmatch
. An update to APR, version 1.4.5, which resolves the issue has been released by the APR developers and is bundled with Apache HTTP Server 2.2.19. Users can upgrade to httpd 2.2.19 or, if running httpd 2.2.17 or earlier, work around the denial of service problem by using the "IgnoreClient" option of the "IndexOptions". The problem was first noted and tracked on Debian mailing lists.The developers also took the opportunity to fix an inadvertently changed function signature for
ap_unescape_url_keep2f
which had broken binary compatibility with some third party modules. The 2.2.19 update to httpd is available to download from the project's download page. The updated APR 1.4.5 is also available for download for developers who use the library in other projects.LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
download