Apache web server vulnerabilities

The IT security firm Sense of Security has issued a security advisory concerning a serious exploit it has discovered in the popular open source web server Apache. 
“By sending a specially crafted request followed by a reset packet  it is possible to trigger a vulnerability in Apache mod_isapi  that will unload the target ISAPI module from memory. However  function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.”

Users are advised to upgrade to version 2.2.15 as soon as possible. There is a video demonstrating a proof of concept of the exploitation. This exploit is exclusive to Windows.

Leave a Reply

Your email address will not be published. Required fields are marked *