OptionsBleed – Apache bleeds in uncommon configuration

[Hanno Böck] recently uncovered a vulnerability in the Apache web server, affecting Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27. This bug only affects Apache servers with a certain configuration in an .htaccess file. Dubbed Optionsbleed, this vulnerability is a use-after-free error in Apache HTTP Server that causes the web server to return a corrupted Allow header in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain sensitive information. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be …

Risks Limited With Latest Apache Bug, Optionsbleed

The risks surrounding the latest Apache bug, called Optionsbleed, are limited given that it can only be exploited under certain conditions. Apache, and many Linux distributions, have patched the flaw.