Worryingly, many sysadmins seemed unaware both of the Apache ‘chunked encoding’ bug and of their systems’ vulnerability…
This month has seen the elevation of what was thought merely to have been a minor DoS on a limited set of platforms running Apache to a remote-shell exploit on a large number. Worryingly, many sysadmins seem unaware both of the ‘chunked encoding’ bug and of their systems’ vulnerability: a quick search demonstrated that at least three major AV vendors are (at the time of writing) running older versions of Apache that are potentially at risk. Modification of executables to contain malicious code, defaced websites, and red-faced sysadmins seem likely to become the order of the day
Posted on 01 July 2002 by
Virus Bulletin
Leave a Reply