Multiple Apache Web Server Flaws Patched

"The Apache HTTP Web Server is the most widely deployed Web server on the Internet today, which means that vulnerabilities in the open source server can have a devastating impact. That also makes security updates like the new 2.2.15 release critical, since it addresses several security vulnerabilities in Apache's flagship HTTP Web server.

"Chief among the new vulnerabilities is one flaw relating to a broader SSL issue first disclosed in November 2009. That issue involves a renegotiation flaw with TLS .

""Notably, this release was updated to reflect the OpenSSL Project's release 0.9.8m of the openssl library, and addresses CVE-2009-3555, the TLS renegotiation prefix injection attack," Apache noted in a mailing list announcement."

Complete Story

Related Stories:

• HipHop steals Web serving from Apache at Facebook(Feb 26, 2010)
• The Apache Software Foundation Announces the 15th Anniversary of the Apache HTTP Web Server(Feb 23, 2010)
• Apache 1.3 Hits End of Life at 42 (Don't Panic!)(Feb 04, 2010)
• Apache SpamAssassin Takes a New Route in Version 3.30(Jan 27, 2010)
• Apache mulls end of 1.3, 2.0 releases(Jan 12, 2010)
• Apache Ready to Unleash Another Decade of Innovation(Jan 06, 2010)
• Apache: 'No jerks allowed'(Nov 15, 2009)
• Apache troubleshooting tips(Nov 09, 2009)
• ApacheCon 2009 Free Live Stream(Nov 04, 2009)