The creators of Apache Web Server software said today that all Apache users are potentially affected by security vulnerabilities that were announced yesterday, even as a controversy continues about how the flaws were initially made public.. . .
The creators of Apache Web Server software said today that all Apache users are potentially affected by security vulnerabilities that were announced yesterday, even as a controversy continues about how the flaws were initially made public.

Mark Cox, a founding member of the Apache Software Foundation, said the vulnerability is caused by a stack buffer overflow, which can overload a server using a distributed denial-of-service attack and cause it to stop responding. In some cases, most notably where Microsoft Windows servers are running the older Apache Version 1.3 or under some 64-bit Unix operating systems, the flaw could be more serious, potentially allowing an intruder to gain remote access to the server, Cox said. All Apache Web server installs should be upgraded to be safe, he said. Apache said users should keep checking the Web site for the updated code.

Those potential problems, reported in a bulletin late yesterday by the Apache HTTP Server Project, are in contrast to a report earlier in the day by security vendor Internet Security Systems Inc. (ISS) in Atlanta. The Apache HTTP Server Project is the open-source community that created and maintains Apache.

The link for this article located at ComputerWorld is no longer available.