Apache's server update targets Windows fixes

Fixes for vulnerabilities affecting the Windows platform are the key features of the latest update to the Apache open source Web server.

Announced this week by the Apache Software Foundation, version 2.0.44 is primarily a security and bug-fix release.

According to a statement from Apache, a malicious request to Apache that contains an MS-DOS device name could cause versions of Windows 9x and Windows Me to crash. Although this is a known security issue in Windows, Apache 2.0.44 has been patched to "correctly filter MS-DOS device names preventing the crash even if the Microsoft update is not applied".

As a consequence of this vulnerability, a remote attacker "can run arbitrary code on a server running Apache under Windows 9x and Me by sending a carefully crafted POST request containing a MS-DOS device name".
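
The kind of device-name filtering described above, as an added example in C that is not Apache's code and not part of the original article. The device list is the commonly documented set of reserved MS-DOS names, and the function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>

/* Reserved MS-DOS device names (well-known list; not taken from the article). */
static const char *const DOS_DEVICES[] = {
    "CON", "PRN", "AUX", "NUL", "CLOCK$",
    "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
    "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9",
};

/* Case-insensitive compare of seg[0..len) against an upper-case name. */
static int name_equals(const char *seg, size_t len, const char *name)
{
    if (strlen(name) != len)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (toupper((unsigned char)seg[i]) != name[i])
            return 0;
    return 1;
}

/* 1 if one path segment names a device: the name is cut at the first
 * '.' or ':' (so "nul.txt" and "con:" match) and trailing spaces are dropped. */
static int segment_is_dos_device(const char *seg, size_t len)
{
    size_t base = 0;
    while (base < len && seg[base] != '.' && seg[base] != ':')
        base++;
    while (base > 0 && seg[base - 1] == ' ')
        base--;
    for (size_t i = 0; i < sizeof DOS_DEVICES / sizeof DOS_DEVICES[0]; i++)
        if (name_equals(seg, base, DOS_DEVICES[i]))
            return 1;
    return 0;
}

/* 1 if any '/'- or '\'-separated segment of a decoded request path is a device name. */
int path_has_dos_device(const char *path)
{
    while (*path) {
        size_t len = strcspn(path, "/\\");
        if (segment_is_dos_device(path, len))
            return 1;
        path += len;
        if (*path)
            path++;
    }
    return 0;
}
```

A server would run a check like this on the URL-decoded path before mapping it to the filesystem and reject the request on a match.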

Additionally, on Windows platforms Apache could be forced to serve unexpected files by "appending illegal characters" such as '

The Apache Software Foundation said it considered this release, the seventh public release of the Apache HTTP Server, to be the "best version of Apache available".

The Apache Web server runs on multiple platforms such as Linux, Unix and Microsoft Windows. According to the Netcraft Web server survey for January, Apache was the world's number one Web server with 62 per cent market share. This was followed by Microsoft's IIS (27.5 per cent), Zeus (2 per cent) and SunONE (1.3 per cent).

A list of the new features of the 2.0.44 release can be found at http://httpd.apache.org/docs-2.0/new_features_2_0.html
