Apache patch to thwart DoS attack

The Apache Software Foundation has released a patch for its Apache 2.0 HTTP Server to thwart a "significant" denial-of-service vulnerability.

		Reader Resources Apache vulnerabilities TechRepublic

Apache, which makes the popular open-source Web server application, released version 2.0.45 to fix a denial-of-service (DoS) problem. A DoS attack floods a network with data, rendering it inaccessible to legitimate queries.

The vulnerability in version 2.0.44 affects all operating systems, according to the advisory. But Apache issued a specific warning for OS/2 users, noting that for them the new patch still had a DoS vulnerability.

That outstanding issue will be fixed with the upcoming release of 2.0.46, but Apache said it was too important to delay the 2.0.45 patch.

The foundation urged, "All Apache 2.0 users are encouraged to upgrade now."

The foundation rushed the patch out perhaps to avert the kind of scenario that occurred last June, when a security firm released news of a flaw and gave Apache only a few hours to respond.

The DoS vulnerability in version 2.0.44 was discovered by David Endler of security firm iDefense. Apache did not provide specific details about the issues, noting only that Endler would publish details on April 8.

Apache dominates the Web server market with nearly 63 percent market share, according to March statistics from consulting firm Netcraft. Microsoft trails well behind with 27.4 percent, and Sun Microsystems has a paltry 1.1 percent of the market.