Serious Apache Exploit Discovered 160
bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit."
Note: according to the advisory, this exploit is exclusive to Windows.
It's unanimous! (Score:5, Funny)
7 out of the first 8 posts agree that this is Windows only.
Update to 2.2.15 (Score:2, Funny)
Re:It's unanimous! (Score:5, Funny)
7 out of the first 8 posts agree that this is Windows only.
You must be using Windows Calculator!
You bastards gave me a heart attack! (Score:5, Funny)
Gain Complete Control (Score:5, Funny)
I would really like to make a shirt that says: "This T-shirt has a serious exploit that allows a remote attacker to gain complete control."
It should be printed around the bottom hem for maximum effect.
Could also work on tighty whiteys.
I said I'd like to make it, not wear it. :-)
Whose fault...? (Score:3, Funny)
I don't know whose fault it is but the idea of running ISS plugins under Apache on Windows scares me. Whose fault is it when you run naked through the "hot" ward snogging the e-bola patients? It's ironic that you end up getting sick because the pretty nurse you kissed had mono, but ... good lord, people...
Thanks, jackass. (Score:3, Funny)
Thanks, jackass. Just what I wanted on a Monday morning: to update a half dozen Internet-facing source-based systems. Of course, it was a false alarm: submitter was too much of a toolbag to mention it was Windows-only.
(And, it being a Monday morning, I didn't initially notice the mention of mod_isapi. Of course.)
Re:Note: Apache ON WINDOWS (Score:3, Funny)
Muddling terms is how you end up with nonsense like not being able to tell programs from data.
But windows admins can't tell data from programs. They put both under c:\program files