Apache Exploit Revealed

Stephen Yagielowicz
A major benefit of using Open Source software is that extensive and vocal user communities and analytics groups tend to form around the most popular applications — including around the sweetheart of adult (and mainstream) webhosting, the Apache HTTP Server.

This critical piece of software underpins countless adult websites and thus supports the daily availability of the adult Internet in no small way — so a swift response must meet any threat to it.

Sense of Security recently revealed one such threat when it demonstrated a dangling pointer vulnerability in the mod_isapi module of some Apache installations.

"mod_isapi is a core module of the Apache package that implements the Internet Server extension API," the SOS warning states. "The extension allows Apache to serve Internet Server extensions (ISAPI .dll modules) for Microsoft Windows based hosts."

"By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory," the report elaborated. "However function pointers still remain in memory and are called when published ISAPI functions are referenced."

The resulting dangling pointers can be exploited to execute arbitrary code.

"The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows," Jason Edelstein, a Sense of Security spokesperson, stated. "An attacker could gain access to, modify and take away data."

The recommended solution is for affected Apache users to upgrade to the software's latest version.
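
An added illustration (not code from Apache or Sense of Security) of the bug class the warning describes: a module is unloaded while a cached function pointer into it survives. The struct, the function names and the deferred-unload hardening are assumptions made for this sketch, and `mapped` only simulates whether the module is loaded.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed model: no real DLL is loaded; `mapped` stands in for
   "the module's code is still in the process address space". */
typedef int (*ext_handler)(const char *request);
struct module_slot {
    int mapped;          /* 1 while the module code is in memory */
    int in_flight;       /* requests currently executing in the module */
    int unload_pending;  /* unload asked for while a request was running */
    ext_handler handler; /* cached pointer to the module's entry point */
};
static int demo_handler(const char *request) { return request ? 200 : 400; }
static void module_load(struct module_slot *m) {
    m->mapped = 1; m->in_flight = 0; m->unload_pending = 0;
    m->handler = demo_handler;
}
/* Flawed pattern: the module goes away, the cached pointer stays. */
static void unload_flawed(struct module_slot *m) { m->mapped = 0; }

/* 1 if the next call would go through a pointer into unloaded code. */
static int is_dangling(const struct module_slot *m) {
    return m->handler != NULL && !m->mapped;
}

/* Hardened: defer while a request is running, clear the pointer on unload. */
static void unload_hardened(struct module_slot *m) {
    if (m->in_flight > 0) { m->unload_pending = 1; return; }
    m->handler = NULL; m->mapped = 0; m->unload_pending = 0;
}

/* A request takes a reference before it may call m->handler. */
static int request_begin(struct module_slot *m) {
    if (!m->mapped || m->handler == NULL || m->unload_pending) return -1;
    m->in_flight++;
    return 0;
}
static void request_end(struct module_slot *m) {
    if (m->in_flight > 0 && --m->in_flight == 0 && m->unload_pending)
        unload_hardened(m);
}

int main(void) {
    struct module_slot s;
    module_load(&s); unload_flawed(&s);
    printf("flawed unload: dangling=%d\n", is_dangling(&s));
    module_load(&s); request_begin(&s); unload_hardened(&s); request_end(&s);
    printf("hardened unload: dangling=%d\n", is_dangling(&s));
    return 0;
}
```

In the hardened path an unload requested mid-request is only recorded; the module is released and its pointer cleared when the last in-flight request ends.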
