
How to save your server from Apache 2.4.7 Vulnerability (mod_status)

Posted by zuhaircmr
If your server is running Apache 2.4.7, the chance of being hacked is high. This post lists two solutions to the issue.

Description:


An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a publicly accessible server status page.
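A defender-side check of the two preconditions named in the description (a status page that is open to everyone and a threaded MPM), as an added example that is not from the original post. The sample `httpd -V` output and configuration snippets are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample inputs (not taken from the original post).
HTTPD_V = "Server version: Apache/2.4.7 (Ubuntu)\nServer MPM:     event\n"
EXPOSED = '<Location "/server-status">\n  SetHandler server-status\n  Require all granted\n</Location>\n'
RESTRICTED = '<Location "/server-status">\n  SetHandler server-status\n  Require local\n</Location>\n'

THREADED_MPMS = {"worker", "event", "winnt"}  # prefork is process-based, not threaded
SECTION = re.compile(r"<(Location(?:Match)?)\s+([^>]+)>(.*?)</\1>", re.S | re.I)

def parse_build(v_output):
    """Pull version and MPM out of `httpd -V` / `apachectl -V` text."""
    ver = re.search(r"Server version:\s*Apache/([\d.]+)", v_output)
    mpm = re.search(r"Server MPM:\s*(\w+)", v_output)
    return (ver.group(1) if ver else None, mpm.group(1).lower() if mpm else None)

def public_status_paths(conf):
    """Return Location targets that enable mod_status without a restricting Require."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop comment lines
    found = []
    for _, target, body in SECTION.findall(conf):
        lines = [l.strip().lower() for l in body.splitlines() if l.strip()]
        if not any(re.match(r"sethandler\s+server-status\b", l) for l in lines):
            continue
        requires = [l.split()[1:] for l in lines if l.startswith("require ")]
        # No Require in the section, or "Require all granted", leaves the page open.
        # 2.2-style Order/Allow/Deny is not interpreted here and is flagged for review.
        if not requires or ["all", "granted"] in requires:
            found.append(target.strip().strip('"'))
    return found

def audit(v_output, conf):
    """Combine both checks; preconditions_met mirrors the description above."""
    version, mpm = parse_build(v_output)
    paths = public_status_paths(conf)
    return {"version": version, "mpm": mpm, "public_status": paths,
            "preconditions_met": mpm in THREADED_MPMS and bool(paths)}

if __name__ == "__main__":
    print(audit(HTTPD_V, EXPOSED))
    print(audit(HTTPD_V, RESTRICTED))
```

The check reads only the text it is given, so run it against the output of `apachectl -V` and the merged configuration of each virtual host.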


Proof:


  • Running HTTP service
  • Product HTTPD exists -- Apache HTTPD 2.4.7
  • Vulnerable version of product HTTPD found -- Apache HTTPD 2.4.7

Vulnerability ID: apache-httpd-cve-2014-0226

Solution:

