Home > Features > Apache Exploit Revealed • Bookmark   • Newsletters   • Register Search Options

FEATURE

Apache Exploit Revealed

Apache Exploit Revealed

May 13, 2010
Text size: 
Get XBIZ News
XBIZ Research
Will virtual reality boost the paysite market?
Yes, it will soon
  39.66%
Yes, but in a few years
  36.87%
No
  23.46%
Out of 179 votes. Results based on votes submitted by members of XBIZ.net social network.

" This critical piece of software underpins countless adult websites "

A major benefit of using Open Source software is that extensive and vocal user communities and analytics groups tend to form around the most popular applications — including around the sweetheart of adult (and mainstream) webhosting, the Apache HTTP Server.

This critical piece of software underpins countless adult websites and thus supports the daily availability of the adult Internet in no small way — so a swift response must meet any threat to it.

Sense of Security recently revealed one such threat, when it demonstrated a dangling pointer vulnerability within some Apache installation's mod_isapi module.

"mod_isapi is a core module of the Apache package that implements the Internet Server extension API," the SOS warning states. "The extension allows Apache to serve Internet Server extensions (ISAPI .dll modules) for Microsoft Windows based hosts."

"By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory," the report elaborated. "However function pointers still remain in memory and are called when published ISAPI functions are referenced."

The resulting dangling pointer exploit allows the execution of arbitrary code.

"The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows," Jason Edelstein, a Sense of Security spokesperson, stated. "An attacker could gain access to, modify and take away data."

The recommended solution is for affected Apache users to upgrade to the software's latest version.


LEGAL PERSPECTIVES

Porn ‘Public Health Crisis’ Is False, Dangerous

We are witnessing the early stages of a moral panic, the likes of which we have not seen since the Reagan Administration. As I write this, there are 27 states in the process of passing mandatory porn... More »

The Skinny on the New DMCA Requirement

The requirements under the Digital Millennium Copyright Act (DMCA) have changed, but the sky is not falling. We have, even as a law firm, been hit with an unbelievable amount of spam sent out by law firms... More »

2017 Outlook: Legal Matters Around the Corner

The adult entertainment business’ legal community recently weighed in the top issues that companies and the industry, as a whole, should be concerned about. XBIZ asked industry attorneys to discuss... More »
XBIZ NEWSLETTERS
Stay informed of the latest industry developments. Get XBIZ newsletters delivered to your inbox. Subscribe today!
Enter email address:

* To manage existing subscriptions click here.






POPULAR PRODUCTS & SERVICES
Submit your press release to
multiple news outlets with 1 click.
Subscribe to RSS news feeds or
add free content to your website.
Access XBIZ news and articles
with your mobile device.
Subscribe to XBIZ World magazine, the industry's leading e-commerce trade publication, delivering in-depth coverage of the online, mobile and ancillary digital markets.

UPCOMING EVENTS

XBIZ.net Paysite Meetup

May 04 - May 04
Prague, Czech Republic

Eurowebtainment 2017

May 17 - May 20
Majorca, Spain

XBIZ Retreat

May 30 - Jun 03
Miami, Florida

XBIZ Miami 2017

May 30 - Jun 02
Miami, Florida
Everyday thousands of business professionals browse XBIZ's industry directory for quality products and services. Not listed yet? Your company could be losing potential new business. Submit your company today!
Use XBIZ RSS feeds to stay informed of the latest industry developments or as a content syndication tool for your website!