The Web is more vulnerable than ever

[Fakeboy]

FYI.... from Oxygen..

Security Administrator mirrors (*) a recent survey carried out by Netcraft, which demonstrates that websites are more vulnerable than ever, due to recently reported problems with Internet Information Server (IIS) and Apache.

The survey of 38,807,788 Web servers, which was carried out in June, reveals that 23 million websites - 59.67% of the sample analyzed - run under Apache software and 28.96% run IIS. Furthermore, 45% of these IIS sites support '.htr' file mapping, meaning that they could be vulnerable to buffer overflow attacks when handling these files, even though Microsoft reported and fixed this problem on June 11.

This Netcraft survey also reveals that the Apache vulnerability, which could allow an attacker to remotely compromise the server, has been patched in 6 million Apache web sites. However, over 14 million servers are still vulnerable, although the problem was reported on June 17.

[paldie]

Don't netadmin know about patching system or do they just let these things ride all the time. I have a windows enviorment patching system is constant issue I have to deal with since it has to be done on a regular basis.

I guess I understand it. I had one system two days ago. I little development testing server all of a sudden got nimda... I couldn't believe it. But when I look it wasn't patched at all... so I screwed up what can I say, I corrected it and it is now hardened... But it wasn't production and I was sloppy.... It is to say that 66% of the neadmins don't know about this stuff or do the just not care... All that is required is running the updates...

Totally mind boggling... I cant believe people risk their jobs and livelyhood over this...

[ammo]

Numbers about apache might be somewhat off if they only accounted for version numbers...
I run a patched apache 1.3.24 which isn't vulnerable but might be accounted as vulnerable...

Ammo