back to article Attack on Apache server exposes firewalls, routers and more

Maintainers of the open-source Apache webserver are warning that their HTTP daemon is vulnerable to exploits that expose internal servers to remote attackers who embed special commands in website addresses. The weakness in 1.3 and all 2.x versions of the Apache HTTP Server can be exploited only under certain conditions. For one …


This topic is closed for new posts.
  1. Destroy All Monsters Silver badge

    What's in a word?

    "unauthorized access to a highly sensitive DMZ, or 'demilitarized zone' resources inside an organization"

    That's why the term "demilitarized zone" is dangerous - people let it all hang out on that little perimeter network. Militarize that DMZ now - passwords, encryption, intrusion detection, all of it.

  2. Nick Kew

    Open Proxy

    The scenario described may actually be a little far-fetched as a security hole. The configuration directives that open it are the kind of thing far more likely to be used in a 'loose' configuration - for example a mass virtual hosting situation - than in a high-security situation where wildcards would flag a warning.

    The other version of the risk is that you inadvertently make the server capable of being used as an open proxy. Not a proxy that could be used by a regular browser, but rather a browser hacked to send HTTP requests crafted to include routing information to an arbitrary destination.

    1. TraceyC

      You say this like mass virtual hosting servers are uncommon. I work in the hosting industry. It's highly common.

  3. Ru

    Apache as a reverse proxy?

    Surely all the cool kids will be using nginx or lighttpd or perlbal? Apache seems like a curious choice here.

  4. Abhorsen


    If you configure your webserver poorly, it might backfire on you.

    Who knew.

    1. Anonymous Coward


      ...but EVERYONE knows Open Source is immune from viruses, trojans, backdoors, bugs...etc...etc.

      So why worry?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019