A new flaw has been discovered in Apache Web Server that could allow cyber criminals to take control of system privileges, according to a security research firm.
Sense of Security (SoS) released an advisory claiming the core mod_isapi module in the most popular open source HTTP server could be targeted to induce the vulnerability.
The report said: "By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory."
It continued to claim that although this would be unloaded, function pointers would still remain, allowing attackers to take control - what SoS calls "a dangling pointer vulnerability."
The vulnerability was given a high severity rating by the researchers who said it definitely affected version 2.2.14 on the Windows platform but could also affect others.
The simple solution and advice for users is to upgrade to version 2.2.15. Users can also download the proof of concept from SoS from here.
IT PRO contacted Apache for comment on the new flaw but it had not responded to our request at the time of publication.
-
Data center water consumption is out of control, but cloud providers want EU lawmakers to go easy on themNews The European Commission says water shortages are being exacerbated by leaks and pollution, but also points to high usage from data center operators.
-
British IT worker jailed for revenge attack on employer that caused a “ripple effect of disruption” for colleagues and customersNews West Yorkshire man Mohammed Umar Taj was suspended from his job in Huddersfield in July 2022, and began taking revenge within hours.
-
Why the likes of Shopify are bringing web designers to an endOpinion Modern tools like Shopify are letting small businesses create viable sites for a fraction of the price it might have once cost
-
Modernise your server infrastructure for speed and securityWhitepaper Infrastructure lifecycle automation paves the way for an adaptive, resilient organisation
-
The best deals on web hosting this Black FridayNews From GoDaddy, to Bluehost - we've got the roundup of the best discounts on web hosting your business needs
-
Lenovo and VMware collaborate on resilient edge computingNews Lenovo ThinkSystem SE350 Edge Servers will ship with pre-installed VMware edge software
-
Iceotope touts super liquid cooling for data centresNews Using 3M’s Novec coolant, the company claims it can cut cooling costs to zero.
-
Lynch: What’s changing is the ‘I’ in ‘IT’News The former Autonomy CEO and current head of information management at HP claims it is the meaning of the data that matters.
-
EMC initiates Project Lightning, Thunder to followNews The storage giant launches its first Project Lightning product, bringing flash to the server.
-
Intel touts Knights Corner 1 teraflop performanceNews New accelerator chip based om Many Integrated Core architecture breaks the one-teraflop barrier
