Survey Says Web is More Vulnerable than Ever

A June 2002 survey by Netcraft shows that Web sites are more vulnerable than ever because of several recently reported security problems with Microsoft IIS and the Apache Web server. Netcraft polled 38,807,788 Web servers and found that 59.67 percent (more than 23 million sites) run Apache and 28.96 percent (more than 11 million sites) run IIS.

Of the IIS sites surveyed, 45 percent still have the .htr file extension mapped to its ISAPI handler and might be vulnerable to attack because of a buffer overflow in the code that processes .htr requests. Microsoft reported the problem to the public on June 11. On June 17, Mark Litchfield reported a chunked-encoding vulnerability in Apache that might let an intruder compromise the server. By the last week of June, some 6 million Apache sites had upgraded to a version that eliminates the vulnerability, but that still left more than 14 million Apache servers vulnerable to attack. Netcraft estimates that approximately half the Web is still vulnerable to these two attacks and points out that a worm that exploits the Apache problem is already spreading on the Internet.
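Netcraft's figures come from the Server header each site returns, so the same banner-based check can be run against your own inventory. The following is an added example, not Netcraft's tooling or anything from the original article: it parses Apache Server headers, compares the version numerically against the releases that closed the chunked-encoding hole (1.3.26 and 2.0.39, taken from the public Apache release history rather than from the article), and tallies the results. The hostnames and headers are constructed sample data.

```python
import re

# First Apache releases containing the chunked-encoding fix, keyed by major
# version. Assumed from the public Apache release history (June 2002), not
# stated in the article.
APACHE_FIXED = {1: (1, 3, 26), 2: (2, 0, 39)}

# Matches "Apache/1.3.26 (Unix) ..." or a bare "Apache" (ServerTokens Prod hides
# the version). The lookahead keeps "Apache-Coyote/1.1" (Tomcat) from matching.
SERVER_RE = re.compile(r"^Apache(?:/(\d+)\.(\d+)\.(\d+))?(?=\s|$)")


def classify(server_header):
    """Classify one Server header value.

    Returns 'patched', 'vulnerable', 'unknown' (Apache, but the version is
    hidden or from an unrecognised branch) or 'not-apache'.
    """
    m = SERVER_RE.match(server_header.strip())
    if not m:
        return "not-apache"
    if m.group(1) is None:
        return "unknown"
    # Compare as an int tuple: a string compare would rank "1.3.9" above
    # "1.3.26" and call an old server patched.
    version = tuple(int(part) for part in m.groups())
    fixed = APACHE_FIXED.get(version[0])
    if fixed is None:
        return "unknown"
    return "patched" if version >= fixed else "vulnerable"


def survey(responses):
    """Tally (hostname, Server header) pairs by classification."""
    counts = {"patched": 0, "vulnerable": 0, "unknown": 0, "not-apache": 0}
    for _host, header in responses:
        counts[classify(header)] += 1
    return counts


# Constructed sample data standing in for the headers a real crawl would collect.
SAMPLE_RESPONSES = [
    ("www.example.org", "Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6d"),
    ("shop.example.net", "Apache/1.3.24 (Unix)"),
    ("old.example.com", "Apache/1.3.9 (Unix) Debian/GNU"),
    ("new.example.com", "Apache/2.0.39 (Unix)"),
    ("win.example.com", "Apache/2.0.36 (Win32)"),
    ("quiet.example.com", "Apache"),
    ("iis.example.com", "Microsoft-IIS/5.0"),
]

if __name__ == "__main__":
    for host, header in SAMPLE_RESPONSES:
        print(f"{host:20s} {classify(header):12s} {header}")
    print(survey(SAMPLE_RESPONSES))
```

A banner check is only as honest as the banner: a site that hides its version reports as unknown rather than patched, and vendors that backport the fix without changing the version string will be counted as vulnerable when they are not, so treat this as triage, not proof.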

Since the survey was conducted, Microsoft has reported other severe problems in its Web technology. On June 26, the company alerted Microsoft Commerce Server users that remote attackers could run code of their choice on affected servers. Commerce Server is typically used to build large e-commerce sites; Netcraft says that about 36,000 sites use the software, including some banks.

A complicating factor with these attacks is that they can arrive over Secure Sockets Layer (SSL) connections. Sites that rely on a network intrusion detection system (IDS) might find that the IDS doesn't detect such attacks, because the request that carries the exploit is encrypted in transit and a network IDS typically can't inspect encrypted traffic unless it sits behind the point where SSL is terminated. Netcraft encourages everyone to inspect their systems for these vulnerabilities and patch them as quickly as possible to ward off attacks.
