Apache Vulnerability Announced
Aaron writes "Versions of the Apache HTTP Server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. In some cases it may be possible to cause a child process to terminate and restart, which consumes a non-trivial amount of resources. See the official announcement and stay tuned here for updated versions." This is in response to the rather uninformed and questionable security notice by ISS X-Force, about a bug that has already been mentioned on the public mailing lists for Apache and is fixed in CVS for Apache 2.0.
I am also told that their patch doesn't fully solve the problem. I am sure though that by awaking us to the problem they will get a lot of great press just like any of the other companies currently using useless bug announcements as press releases.
Oh oh (Score:0, Funny)
Switch to IIS (Score:4, Funny)
Not enough time!! (Score:2, Funny)
A bug in open source code? (Score:2, Funny)
Useless bug announcements-- My turn! (Score:3, Funny)
Too good (Score:3, Funny)
Please note that the patch provided by ISS does not correct this vulnerability.
Will upgrading to 32-bit color on my hard drive fix it or do I need to upgrade my monitor refresh rate to 512MB?
Re:Switch to IIS (Score:4, Funny)
Yes, they tried but it's hard to get people to work on weekends.