Posts Tagged ‘Apache’

Apache reverse proxy bug allows compromising internal system

The Apache team is working on a fix for a new vulnerability that allows an attacker on the internet to gain internal access to the system. This zero-day was reported by Prutha Parikh from Qualys. The published blog post gives 2 examples of how to exploit this vulnerability against a fully patched Apache Web Server [...]


Using mod_rewrite to harden Apache

Most installations of Apache should come with the mod_rewrite module already configured and active. For those of you hosting the web server in a shared hosting environment (i.e., you’ve bought a generic web hosting package), you are forced to edit a file named .htaccess in order to set up the security for your [...]


Remote DoS Vulnerability in Apache

Apache Killer is a new exploit that uses a serious Apache vulnerability discovered over 54 months ago. The bug allows a hacker to conduct a denial-of-service attack and take any web server down. Under certain conditions Apache is internally inefficient at handling such requests, which ‘explode’ into many hundreds of internal requests for large byte [...]

What didn’t work?

Following the Apache Software Foundation web incident, in which the website went offline on Monday, a presentation has been published to clarify the cause of the incident and the measures that have been taken. Providing such details can help others learn from the mistakes and be ready for any attack. According to the analysis, the [...]


Apache Website Owned!

The Apache Software Foundation website was down last Friday after hackers compromised an SSH key to one of its main servers. Secure Shell is a very popular technology that provides secure remote administration of servers. If the hackers manage to upload a rootkit or Trojan over the download package on the Apache website, this can cause [...]


VMware Hosted products update libpng and Apache HTTP Server

VMware has released a new security advisory, VMSA-2009-0010. The advisory contains updates for VMware Workstation, VMware Player and VMware ACE, and pending updates for VMware Server 1.X and 2.X. According to the security advisory description, a flaw was discovered in the way the third-party library libpng handled uninitialized pointers. An attacker could create a [...]


HTTP DoS-attack tool on Apache web server

Robert Hansen, a guru in the field of security, has released a new tool for DoS attacks, exposing serious vulnerabilities in web servers including Apache and others. Hansen called his tool Slowloris. The most interesting thing about this utility is that it can cause a DoS attack without using a huge amount of traffic as we usually [...]