The group, which coordinates development and distribution of the open-source software, recommended that system administrators promptly upgrade to version 2.0.46 of Apache HTTP Server, available for download from the Apache Web site.
The free Apache program is the most popular Web server software in use today, employed by 63 percent of all Web sites, according to a recent survey by research firm Netcraft.
The new version of the software patches several serious vulnerabilities, including one that could allow vandals to crash a server by sending malicious commands to the component Apache uses to execute WebDAV (World Wide Web Distributed Authoring and Versioning) instructions. WebDAV is a set of extensions to the basic HTTP (Hypertext Transfer Protocol) underlying the Web, enabling sites to handle more advanced Web services functions. WebDAV has been the source ofin server software made by Microsoft and others.
The foundation said it would reveal details of the WebDAV vulnerability on Friday.
The new version of Apache also fixes a hole in the software authentication module that could let malicious users launch a limitedthat would prevent authorized users from logging on to the server under siege. The Apache foundation said in a statement that it did not believe the bug could enable unauthorized users to gain access to protected resources.
The foundationlast month to patch a vulnerability that could have allowed a more serious DoS attack.
Apache administrators were forced to scramble to contain damage late last year whenbegan to spread before a patch was available.