Multiple Apache Web Server Flaws Patched
Mar 09, 2010, 19:36 (0 Talkback[s])
(Other stories by Sean Michael Kerner)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"The Apache HTTP Web Server is the most widely deployed Web
server on the Internet today, which means that vulnerabilities in
the open source server can have a devastating impact. That also
makes security updates like the new 2.2.15 release critical, since
it addresses several security vulnerabilities in Apache's flagship
HTTP Web server.
"Chief among the new vulnerabilities is one flaw relating to a
broader SSL issue first disclosed in November 2009. That issue
involves a renegotiation flaw with TLS .
""Notably, this release was updated to reflect the OpenSSL
Project's release 0.9.8m of the openssl library, and addresses
CVE-2009-3555, the TLS renegotiation prefix injection attack,"
Apache noted in a mailing list announcement."
- HipHop steals Web serving from Apache at Facebook(Feb 26, 2010)
- The Apache Software Foundation Announces the 15th Anniversary of the Apache HTTP Web Server(Feb 23, 2010)
- Apache 1.3 Hits End of Life at 42 (Don't Panic!)(Feb 04, 2010)
- Apache SpamAssassin Takes a New Route in Version 3.30(Jan 27, 2010)
- Apache mulls end of 1.3, 2.0 releases(Jan 12, 2010)
- Apache Ready to Unleash Another Decade of Innovation(Jan 06, 2010)
- Apache: 'No jerks allowed'(Nov 15, 2009)
- Apache troubleshooting tips(Nov 09, 2009)
- ApacheCon 2009 Free Live Stream(Nov 04, 2009)