Apache released version 2.2.15 of their Apache web server. 2.2.15 has vulnerability fixes in it that you need to consider since at least one of the vulnerabilities patched has a known working exploit available publicly. Proof of concept code for CVE-2010-0425 (mod_isapi) has already been released on the explo.it site (http://www.exploit-db.com/exploits/11650).
The OpenSSL library has also been updated in this release to version 0.9.8m to address CVE-2009-3555.
The Apache download site is: http://httpd.apache.org/download.cgi
Metasploit module: www.metasploit.com/modules/auxiliary/dos/http/apache_mod_isapi
email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment