http://techrepublic.com.com/5100-626...tag=html.alert
To fix one problem, you have to potenually open yourself to another.The Apache Software Foundation recently released a software update that fixed a number of problems but also introduced a dangerous new security threat.
There have been a number of recent Apache Web Server vulnerabilities that require the attention of administrators, security professionals, and Webmasters. The threats pose various levels of danger and some can be exploited remotely
The most recent vulnerability is a remotely exploitable threat that can allow an attacker to compromise access controls. This is being referred to as the �Satisfy� directory threat. You can see the original advisory here (scroll down to the description). The threat from this vulnerability is that some password-protected folders won�t be protected if you update to Apache version 2.0.51.
A locally exploitable buffer overrun vulnerability in the configuration file variable .htaccess (Bugtraq ID 11182, CAN-2004-0747) affects a large number of Apache 2.x versions and is found in most Linux versions, including Mandrake, SuSE, Red Hat, and others. This threat has caused a number of users to update to version 2.0.51, making a large number of systems vulnerable to the remotely exploitable Satisfy vulnerability described above.
Reply With Quote