The Apache Software Foundation and The Apache Server Project on Thursday
released Version 1.3.27 of its popular Web server software, an upgrade that
includes fixes to three security vulnerabilities.
The new Apache HTTP server was described as principally a security and
bug-fix release. It plugs a hole that exists in all versions of Apache prior
to 1.3.27 on platforms using System V shared memory based scoreboards.
That vulnerability allows an attacker who can execute code under the Apache
UID to exploit the Apache shared memory scoreboard format and send a signal
to any process as root or cause a local denial-of-service attack.
Another bug, which made Apache susceptible to a cross-site scripting
vulnerability in the default 404 page of any Web server hosted on a domain
that allows wildcard DNS lookups, was also fixed.
The Apache Foundation said some possible overflows in ab.c, which could be
exploited by a malicious server, were also fixed.
The new server release also includes new features that offer “substantial
improvements” over version 1.2, the Apache Foundation said, upgrades that
include better performance, reliability and an expansion of supported
platforms, including Windows NT and 2000 (which fall under the “Win32”
label), OS2, Netware, and TPF threaded platforms.
It has been fitted with a new ErrorHeader directive, and configuration file
globbing can now use simple pattern matching. Apache has also made the
parsing of the protocol version (e.g., HTTP/1.1) in the request line
case-insensitive, a key upgrade over previous versions.
Other highlights include:
- ap_snprintf() can now distinguish between an output which was truncated, and an output which exactly filled the buffer.
- Add ProtocolReqCheck directive, which determines if Apache will check for a valid protocol string in the request (e.g., HTTP/1.1) and return HTTP_BAD_REQUEST if not valid. Versions of Apache prior to 1.3.26 would silently ignore bad protocol strings, but 1.3.26 included a more strict check. This makes it runtime configurable.
- Added support for Berkeley-DB/4.x to mod_auth_db.
- httpd -V will now also print out the compile time defined HARD_SERVER_LIMIT value.
On specific platforms, new features in the upgrade include support for
Caldera OpenUNIX 8 and the ability to use SysV semaphores by default on
OpenBSD. It also implements file locking in mod_rewrite for the NetWare
CLib platform.
The Foundation said several minor bugs found in Apache 1.3.26 (or earlier),
including mod_proxy fixes, have been included in Apache 1.3.27.
Separately, the Jakarta Ant-Dev has released Version 1.5.1 of Apache Ant, a
Java-based build tool that allows full portability of pure Java code. The
Jakarta Ant-Dev upgrade also fixes several bugs in older versions.