Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Two security alerts point to Apache Web Server flaws
A patch for one of the flaws has been posted; a second patch should be available tonight.
June 17, 2002 12:00 PM ETComputerworld -
Two security alerts about new vulnerabilities affecting the popular open-source Apache Web Server were posted by two organizations today.
The nonprofit Apache HTTP Server Project group has issued a bulletin about a vulnerability that can allow distributed denial-of-service attacks in Apache Version 1.3, including 1.3.24, and Apache 2, including all versions up to 2.0.36.
The Apache Project said that an Internet Security Systems Inc. (ISS) patch posted earlier in the day for an Apache vulnerability doesn't fix the denial-of-service problem. A patch for that vulnerability is expected to be ready by tonight on the group's Web site.
In a separate posting, Atlanta-based security vendor ISS reported the discovery of a flaw in the Apache mechanism that calculates the size of "chunked" encoding for Windows 32-bit users. Chunked encoding is part of the HTTP specification used for accepting data from Web users, according to ISS.
When data is sent from the user, the Web server needs to allocate a memory buffer of a certain size to hold the submitted data. When the size of the data being submitted is unknown, the client or Web browser will communicate with the server by creating "chunks" of data of a negotiated size.
But the flaw, affecting Apache Versions 1.x, misinterprets the size of incoming data chunks, which could lead to a signal race, heap overflow and exploitation of malicious code, according to ISS.
ISS said it had posted a fix for the problem on its Web site.
Chris Rouland, director of ISS's X-Force research and development group, said the two vulnerabilities are different. The ISS patch will protect Windows servers running Apache from remote compromise attacks, he said, while the denial-of-service problem reported by the Apache Project appears to be a separate issue.
"This is open-source in action," he said, referring to the wide discourse on the exact vulnerabilities being addressed by both groups. "The value is you get a lot of different minds thinking about something, and the challenge is that you have to decide what to do."
Read more about security in Computerworld's Security Knowledge Center.
Security
Additional Resources
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Computerworld Reports
Sign up to receive updates on the latest Security resources
