Apache Web Server Vulnerable to DoS and Arbitrary Code Execution

Apache Web Server is vulnerable to Denial of Service (DoS) attacks and execution of arbitrary code. The module that provides SSL support (mod_ssl) doesn't properly handle certain non-SSL traffic that is sent to an SSL-enabled virtual host, which can lead to a denial of serviceDoS attack. Multiple critical vulnerabilities exist in the module used for connectivity to PostgreSQL database servers (mod_auth_pgsql). The vulnerabilities could allow remote intruders to execute arbitrary commands. Apache Software Foundation corrected the SSL problem in the source code tree. A bug report can be found at the first URL below. PostgreSQL module developer Giuseppe Tanzilli released module version 2.0.3, which corrects the arbitrary code execution problems.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.