Flaw found in Apache Web Server
A new flaw discovered in Apache Web Server allows hackers to take control of system privileges, researchers claim.


A new flaw has been discovered in Apache Web Server that could allow cyber criminals to take control of system privileges, according to a security research firm.
Sense of Security (SoS) released an advisory claiming the core mod_isapi module in the most popular open source HTTP server could be targeted to trigger the vulnerability.
The report said: "By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory."
The advisory went on to claim that although the module would be unloaded, function pointers would still remain, allowing attackers to take control, in what SoS calls "a dangling pointer vulnerability."
The vulnerability was given a high severity rating by the researchers, who said it definitely affected version 2.2.14 on the Windows platform but could also affect others.
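The condition the advisory describes, a module unloaded while pointers to its functions remain, can be modelled in a few lines of C. This is an added illustration, not code from Apache, mod_isapi or the SoS advisory; the struct, the function names and the in-use check are assumptions made for the example, and the unload is simulated with a flag so that nothing stale is ever called.

```c
#include <stdio.h>
#include <stddef.h>

typedef int (*handler_fn)(int request_id);

/* Hypothetical loadable extension: "mapped" = code still in memory. */
struct module { int mapped; int users; handler_fn entry; };

static int sample_handler(int request_id) { return request_id + 1000; }
static void module_load(struct module *m) {
    m->mapped = 1; m->users = 0; m->entry = sample_handler;
}

/* Flawed pattern: the code goes away but the saved pointer stays. */
static void unload_flawed(struct module *m) { m->mapped = 0; }

/* Checked pattern: refuse while in use, clear the pointer on unload. */
static int unload_checked(struct module *m) {
    if (m->users > 0) return 0;          /* 0 = unload refused */
    m->mapped = 0; m->entry = NULL;
    return 1;                            /* 1 = unloaded */
}

/* Dangling: the pointer is still set but its target is no longer mapped. */
static int entry_is_dangling(const struct module *m) {
    return m->entry != NULL && !m->mapped;
}

/* Dispatcher that will not call through a stale pointer; -1 = refused. */
static int dispatch(struct module *m, int request_id) {
    if (m->entry == NULL || !m->mapped) return -1;
    m->users++;
    int rc = m->entry(request_id);
    m->users--;
    return rc;
}

int main(void) {
    struct module m;
    module_load(&m);
    unload_flawed(&m);
    printf("after flawed unload, dangling=%d\n", entry_is_dangling(&m));
    module_load(&m);
    m.users = 1; /* constructed: one request still in flight */
    printf("checked unload while busy=%d\n", unload_checked(&m));
    m.users = 0;
    printf("checked unload when idle=%d\n", unload_checked(&m));
    return 0;
}
```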
The simple solution and advice for users is to upgrade to version 2.2.15. Users can also download the proof of concept from SoS.
IT PRO contacted Apache for comment on the new flaw but it had not responded to our request at the time of publication.
Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.
Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.