Apache Today

View: Security

Gartner: Move away from IIS --NOW!
(Oct 3, 2001, 21:21 UTC) (4140 reads) (0 talkbacks) (Posted by )
"Gartner recommends that enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache."

Debian Security Advisory: Apache
(Jul 30, 2001, 17:47 UTC) (2938 reads) (0 talkbacks) (Posted by )
"We have received reports that the 'apache' http daemon, as included in the Debian 'stable' distribution, is vulnerable to the 'artificially long slash path directory listing vulnerability' as described in"

Bugtraq: Java servlet cross-site scripting vulnerability
(Jul 2, 2001, 16:43 UTC) (6734 reads) (4 talkbacks) (Posted by )
This posting to Bugtraq outlines a Java servlet scripting vulnerability that could affect many systems, including Tomcat and WebSphere.

EnGarde Linux advisory: Apache directory listing vulnerability
(Jun 21, 2001, 21:19 UTC) (2883 reads) (0 talkbacks) (Posted by )
"There is a vulnerability in apache by which an attacker can get a directory listing even when an index file (such as index.html) is present."

SecurityPortal: A Matter of Trust: How Was Compromised
(Jun 6, 2001, 19:52 UTC) (2312 reads) (0 talkbacks) (Posted by )
Kurt Seifried discusses how was compromised, offering that part of a growing problem we face in computer security is trust: "The SSH protocol is used to secure these connections with strong encryption, which provides a tunnel between the two communicating machines. Furthermore, it is assumed that the end developer's machine is secure, and that there are no keystroke loggers running, or items like KeyGhost hooked up to the machine. Herein lies a problem. More and more people are using machines that are not always secure or should not be considered "trusted."

Apache Software Foundation Server compromised, resecured.
(May 31, 2001, 12:38 UTC) (3425 reads) (1 talkbacks) (Posted by )
The recent compromise of SourceForge servers had farther-reaching impact than on the users of that service alone. This report from Brian Behlendorf of the Apache project explains a crack one of the project's public servers underwent involving an ssh client compromised to log outgoing names and passwords. A rather extensive audit and verification process remains underway.

Apache 1.3 Security Fix Available for Win32/OS2 users
(May 13, 2001, 04:50 UTC) (2415 reads) (0 talkbacks) (Posted by )
"An exploit was recently reported that allows a malicious user to terminate the Apache server running on Win32 or OS2."

HP introduces software and services to promote secure e-commerce, including Apache support
(Apr 9, 2001, 15:35 UTC) (1002 reads) (1 talkbacks) (Posted by )
"Hewlett-Packard today announced enhanced security software, services and alliances to help businesses secure their e-commerce environments, prevent intrusions and protect against attacks in real-time. The products include HP Virtualvault 4.5, a newly enhanced version of HP's multi-layered, secure operating system, which now integrates Apache-based Web servers and provides integration with the HP Bluestone Total-e-server and Public Key Infrastructure (PKI)."

Tempest Software Ships SiteShield; New Product Facilitates Secure Exchange of Information Over the Web
(Mar 26, 2001, 17:03 UTC) (760 reads) (0 talkbacks) (Posted by )
Tempest Software, a provider of technology and products that facilitate secure, standards-based information exchange over the Internet, today announced it is shipping Version 2 of SiteShield, the new "plug and play" software solution to secure websites.

Zope SECURITY ALERT and Zope hotfix release
(Mar 9, 2001, 21:29 UTC) (650 reads) (0 talkbacks) (Posted by )
"A recent change to the access validation machinery made this bug begin to affect security restrictions. The bug, with the change to validation, made it possible to access Zope objects via acquisition that a user would not otherwise have access to."

Workaround for unintended JSP execution when using Oracle Apache/JServ
(Feb 13, 2001, 05:45 UTC) (1146 reads) (0 talkbacks) (Posted by )
"A potential security vulnerability has been discovered in Oracle JSP Releases 1.0.x through 1.0.2 when using Oracle Apache/JServ only."

Security Portal: Ask Buffy - "owning" Apache, listing of port numbers and stateful firewalls
(Dec 14, 2000, 16:45 UTC) (1141 reads) (0 talkbacks) (Posted by )
"Who should own Apache? I have nobody as the owner and the group, but I'm not sure if this is safe or not."

PHP.Pirus; first virus written in PHP
(Nov 30, 2000, 18:47 UTC) (1132 reads) (0 talkbacks) (Posted by )
"The virus searches for .php and .htm files and inserts code to call itself. The virus executes only on servers with PHP interpreters."

Red Hat Bug Fix Advisory: Updated web server module packages are now available for Red Hat Linux 7
(Nov 28, 2000, 14:02 UTC) (869 reads) (0 talkbacks) (Posted by )
Apache 1.3.12 and 1.3.14 are not binary compatible if both have been modified to support mod_ssl. These modules have been rebuilt using updated development packages.

Red Hat Bug Fix Advisory: Updated web server module packages are now available for Red Hat Power Tool 7
(Nov 28, 2000, 14:01 UTC) (705 reads) (0 talkbacks) (Posted by )
Apache 1.3.12 and 1.3.14 are not binary compatible if both have been modified to support mod_ssl. These modules have been rebuilt using updated development packages.

Red Hat Bug Fix Advisory: Updated web server module packages are now available for Red Hat Linux 7
(Nov 22, 2000, 16:12 UTC) (585 reads) (0 talkbacks) (Posted by )
"Apache 1.3.12 and 1.3.14 are not binary compatible if both have been modified to support mod_ssl. These modules have been rebuilt using updated development packages."

Red Hat Bug Fix Advisory: Updated web server module packages are now available for Red Hat Power Tool 7
(Nov 22, 2000, 16:09 UTC) (566 reads) (0 talkbacks) (Posted by )
"Apache 1.3.12 and 1.3.14 are not binary compatible if both have been modified to support mod_ssl. These modules have been rebuilt using updated development packages."

Apache Guide: mod_access: Restricting Access by Host
(Nov 13, 2000, 15:51 UTC) (16107 reads) (5 talkbacks) (Posted by )
You have the power to control access to your Apache server based on the hostname or IP address of the connecting user. Rich Bowen explains how to use the mod_access Apache module to enforce these rules.

Red Hat Security Advisory: Updated Secure Web Server packages now available
(Oct 28, 2000, 13:49 UTC) (1156 reads) (0 talkbacks) (Posted by )
"Security bugs in versions of Apache prior to 1.3.14 also affect Secure Web Server. A new release which incorporates 1.3.14 is now available."

The Register: Apache wins Big Brother award
(Oct 27, 2000, 16:34 UTC) (1316 reads) (1 talkbacks) (Posted by )
"The Apache Consortium, producers of the world's most popular Internet server software, sucks when it comes to privacy. So much so that it won a Big Brother award for its "irresponsible default settings."

Red Hat Security Advisory: Updated apache, php, mod_perl, and auth_ldap packages available
(Oct 24, 2000, 00:30 UTC) (2030 reads) (0 talkbacks) (Posted by )
Updated apache, php, mod_perl, and auth_ldap packages are now available for Red Hat Linux 5.2, 6.0, 6.1, 6.2, and 7.

Caldera Systems Security Advisory: format bug in PHP
(Oct 20, 2000, 16:04 UTC) (673 reads) (0 talkbacks) (Posted by )
"There's a format bug in the logging code of the mod_php3 module. It uses apache's aplog_error function, passing user-specified input as the format string."

Installation of a Secure Web Server
(Oct 19, 2000, 20:40 UTC) (1056 reads) (0 talkbacks) (Posted by )
"Apart from firewalls, which aim at protecting internal networks against attacks from the internet, web servers are the second important field requiring a high degree of security. This article shows how this can be done on a Linux system within just 45 minutes."

Linux-Mandrake Security Update Advisory: apache update (2nd update)
(Oct 19, 2000, 12:51 UTC) (734 reads) (0 talkbacks) (Posted by )
"The permissions on the -14mdk apache-suexec package were still incorrect. While some CGI scripts would perform, others would not due to the permissions being 4700 and not 4711. The -15mdk RPMs for 7.1 fix this issue."

MandrakeSoft Security Advisory: Apache
(Oct 12, 2000, 17:14 UTC) (859 reads) (0 talkbacks) (Posted by )
"The Apache web server comes with a module called mod_rewrite which is used to rewrite URLs presented by the client prior to further processing. There is a flaw in the mod_rewrite logic that allows an attacker to view arbitrary files on the server system if they contain regular expression references. All Linux-Mandrake users using Apache are encouraged to upgrade to these updated versions that fix this flaw."

PHP Security Advisory - File Uploads
(Sep 11, 2000, 20:28 UTC) (3185 reads) (0 talkbacks) (Posted by )
"It's possible for a remote attacker to supply arbitrary file names as values for FOO, by submitting a standard form input tag by that name, and thus cause the PHP script to process arbitrary files."

PlanetIT: Emerging Technology: Maximizing Apache Server Security
(Jul 19, 2000, 22:28 UTC) (911 reads) (0 talkbacks) (Posted by )
"Is Apache the most secure HTTP server available? The answer is simple: Apache can be made to be the most secure, and this article will show you how. Please note that I will concentrate on the Unix variant of Apache. While a Windows NT port is available, it has yet to reach the level of maturity currently enjoyed by the Unix version."

Zope security alert and 2.1.7 update
(Jun 16, 2000, 19:54 UTC) (657 reads) (0 talkbacks) (Posted by )
"We have recently become aware of an important security issue that affects all released Zope versions including the recent 2.2 beta 1 release."

AppWatch: Zope 2.1.7 - SECURITY UPDATE
(Jun 16, 2000, 06:34 UTC) (573 reads) (0 talkbacks) (Posted by )
"The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization."


Latest Feature

Looking at Apache 2.0 Alpha 4
Development continues to roll along on Apache 2.0. In his latest column, Ryan Bloom details what's new in the recently released Apache 2.0 Alpha 4.
(Jun 30, 2000)

Apache Today Features

The Apache Web Server Documentation Project
Over the years, a lot of people have become interested in the idea of contributing to the Apache HTTP Server project, but have hung back or remained silent because they felt only hardcore C programmers with tons of experience need apply. Some actually have contacted the Project, saying they'd like to help out but don't have the coding skills and so didn't know what they could do. And some have offered specifically to help out on the documentation, either translating it, or correcting technical nits, or improving its readability or navigability. In July of 2000, however, the Apache HTTP server project created a subproject and reorganised the documentation files so that they can be worked on directly by non-programmers. This article describes more about this, and how you can get involved.
(Sep 27, 2000)

Keeping Your Images from Adorning Other Sites
Webmasters are ever searching for ways to make their sites look cool and attractive. One way is to dress it up with images, logos, and other graphics--sometimes referred to as 'eye candy.' Of course, if you happen to be in the forefront of this in any way, you run the risk of having others cadge your art in order to dress up their sites. This article shows how you can use Apache configuration directives to limit access to your art so that it's more difficult to use elsewhere.
(Jun 14, 2000)

E-Commerce Solutions: An Apache Overview
With this column Martin C. Brown begins his regular coverage of Apache and E-Commerce for Apache Today. This initial column maps out the burgeoning area of E-Commerce and what every Apache Webmaster needs to know about implementing E-Commerce on their site.
(May 31, 2000)

An Introduction to Apache 2.0
Apache 2.0 has already been through three alpha releases. In this preview, Ryan Bloom of the Apache Group previews Apache 2.0 and explains why it will make life easier for every Webmaster on the Internet.
(May 28, 2000)

Getting Started with Apache 1.3
While you're licking your chops and waiting for Apache 2.0 to be released, you're probably facing a very real situation of having to set up an Apache Web server today. In this overview, Apache pioneer Ken Coar goes through all the steps needed to install and configure an Apache 1.3 Web server.
(Jun 1, 2000)

All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.4, Apache 1.3, and PHP 4
Copyright 2002 INT Media Group, Incorporated All Rights Reserved.