Apache Server 2.2.15 Released

Apache released version 2.2.15 of their Apache web server. 2.2.15 has vulnerability fixes in it that you need to consider since at least one of the vulnerabilities patched has a known working exploit available publicly. Proof of concept code for CVE-2010-0425 (mod_isapi) has already been released on the explo.it site (http://www.exploit-db.com/exploits/11650).

The OpenSSL library has also been updated in this release to version 0.9.8m to address CVE-2009-3555.

The Apache download site is: http://httpd.apache.org/download.cgi

Metasploit module: www.metasploit.com/modules/auxiliary/dos/http/apache_mod_isapi

email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity


Leave a Reply