A security weakness in the popular Apache Web server (used by Apple within Mac OS X) could allow hackers to launch denial of service attacks, or even to take over systems on which the software is running, the Apache Software Foundation warned yesterday.
The flaw relates to the way the Web server parses uploaded data, and can cause the software to misinterpret the size of incoming chunks of data. It can be exploited by sending a carefully crafted request to the server, said the Foundation.
All versions of Apache 1.3, and versions of Apache 2 up to 2.0.36, are affected.
Those running Apache on Microsoft’s Windows 2000 or Windows 2000 Server are particularly affected, according to security software vendor Internet Security Systems. Such systems are especially vulnerable to take over, the group said.
The Apache Software Foundation is working on new software releases to repair the flaw.
Over 63 per cent of all Web sites run on an Apache Web server, according to Web analyst firm Netcraft, which compiles such information.