Flaw found in Apache Web Server
A new flaw discovered in Apache Web Server allows hackers to take control of system privileges, researchers claim.


A new flaw has been discovered in Apache Web Server that could allow cyber criminals to take control of system privileges, according to a security research firm.
Sense of Security (SoS) released an advisory claiming the vulnerability can be triggered through the core mod_isapi module in the most popular open source HTTP server.
The report said: "By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory."
It went on to claim that although the module would be unloaded, function pointers would still remain, allowing attackers to take control - what SoS calls "a dangling pointer vulnerability."
The vulnerability was given a high severity rating by the researchers, who said it definitely affected version 2.2.14 on the Windows platform but could also affect others.
The simple solution and advice for users is to upgrade to version 2.2.15. Users can also download the proof of concept from SoS.
IT PRO contacted Apache for comment on the new flaw but it had not responded to our request at the time of publication.
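For administrators triaging hosts against the advisory described above, the following is an added example (not from SoS, Apache or IT PRO) that classifies a server from its version banner and its httpd.conf text. The status names and the choice to treat every release below 2.2.15 with mod_isapi loaded as needing an upgrade are assumptions; the article only confirms 2.2.14 on Windows and says others could be affected.

```python
import re

FIXED = (2, 2, 15)      # release the article says to upgrade to
CONFIRMED = (2, 2, 14)  # release the researchers confirmed on Windows

# Matches banners such as "Apache/2.2.14 (Win32)" (Server header or `httpd -v`).
BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)(?:\s+\(([^)]*)\))?")
# Uncommented directive that loads mod_isapi; a leading '#' disables it.
ISAPI_RE = re.compile(r"^\s*LoadModule\s+isapi_module\s+\S+", re.I | re.M)


def parse_banner(banner):
    """Return ((major, minor, patch), platform), or None if not an Apache banner."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), (m.group(4) or "")


def isapi_loaded(conf_text):
    """True if an active LoadModule line for isapi_module is present."""
    return bool(ISAPI_RE.search(conf_text))


def assess(banner, conf_text):
    """Classify one host; status strings are this example's own labels."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"
    version, platform = parsed
    if version >= FIXED:
        return "fixed"
    if not isapi_loaded(conf_text):
        return "module-not-loaded"  # still below the fixed release
    if version == CONFIRMED and platform.lower().startswith("win"):
        return "confirmed-affected"
    return "upgrade-advised"        # advisory: other versions may be affected


# Constructed sample inputs, not taken from any real host.
CONF_ON = "ServerRoot \"C:/Apache2.2\"\nLoadModule isapi_module modules/mod_isapi.so\n"
CONF_OFF = "ServerRoot \"C:/Apache2.2\"\n#LoadModule isapi_module modules/mod_isapi.so\n"

if __name__ == "__main__":
    for banner, conf in [("Server version: Apache/2.2.14 (Win32)", CONF_ON),
                         ("Apache/2.2.14 (Win32)", CONF_OFF),
                         ("Apache/2.2.15 (Win32)", CONF_ON)]:
        print(banner, "->", assess(banner, conf))
```

A host reported as module-not-loaded is still running a release older than the one the article recommends, so it belongs on the upgrade list as well.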
Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.
Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.