Home > Features > Apache Exploit Revealed • Bookmark   • Newsletters   • Register Search Options

FEATURE

Apache Exploit Revealed

Apache Exploit Revealed

May 13, 2010
Text size: 
Get XBIZ News
XBIZ Research
Will virtual reality boost the paysite market?
Yes, it will soon
  39.66%
Yes, but in a few years
  36.87%
No
  23.46%
Out of 179 votes. Results based on votes submitted by members of XBIZ.net social network.

" This critical piece of software underpins countless adult websites "

A major benefit of using Open Source software is that extensive and vocal user communities and analytics groups tend to form around the most popular applications — including around the sweetheart of adult (and mainstream) webhosting, the Apache HTTP Server.

This critical piece of software underpins countless adult websites and thus supports the daily availability of the adult Internet in no small way — so a swift response must meet any threat to it.

Sense of Security recently revealed one such threat, when it demonstrated a dangling pointer vulnerability within some Apache installation's mod_isapi module.

"mod_isapi is a core module of the Apache package that implements the Internet Server extension API," the SOS warning states. "The extension allows Apache to serve Internet Server extensions (ISAPI .dll modules) for Microsoft Windows based hosts."

"By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory," the report elaborated. "However function pointers still remain in memory and are called when published ISAPI functions are referenced."

The resulting dangling pointer exploit allows the execution of arbitrary code.

"The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows," Jason Edelstein, a Sense of Security spokesperson, stated. "An attacker could gain access to, modify and take away data."

The recommended solution is for affected Apache users to upgrade to the software's latest version.


PROFILES & BIOS

WIA Profile: Nancy Moore

Each month, industry news media organization XBIZ spotlights the career accomplishments and outstanding contributions of Women in Adult. WIA profiles offer an intimate look at the professional lives of... More »

WIA Profile: Janet Rini

Each month, industry news media organization XBIZ spotlights the career accomplishments and outstanding contributions of Women in Adult. WIA profiles offer an intimate look at the professional lives of... More »

Rise of SFW Cams for Voyeurs

Since its inception, Chaturbate could be called many things from sexy to successful, but one thing it can’t really be called is safe for work. It’s no secret that the entire adult cam industry... More »
XBIZ NEWSLETTERS
Stay informed of the latest industry developments. Get XBIZ newsletters delivered to your inbox. Subscribe today!
Enter email address:

* To manage existing subscriptions click here.






POPULAR PRODUCTS & SERVICES
Submit your press release to
multiple news outlets with 1 click.
Subscribe to RSS news feeds or
add free content to your website.
Access XBIZ news and articles
with your mobile device.
Subscribe to XBIZ World magazine, the industry's leading e-commerce trade publication, delivering in-depth coverage of the online, mobile and ancillary digital markets.

UPCOMING EVENTS

Everything To Do With Sex Show

Jan 27 - Jan 29
Halifax, Nova Scotia

The European Summit

Mar 04 - Mar 07
Barcelona-Sitges, Spain

The TEA Show

Mar 05 - Mar 06
Hollywood, CA

Phoenix Forum 2017

Mar 23 - Mar 26
Tempe, Arizona
Everyday thousands of business professionals browse XBIZ's industry directory for quality products and services. Not listed yet? Your company could be losing potential new business. Submit your company today!
Use XBIZ RSS feeds to stay informed of the latest industry developments or as a content syndication tool for your website!