A denial-of-service tool that exploits a security flaw in the Apache Web server software is available in the wild. The Apache team is working on a fix and is expected to roll it out over the next few days.

Called "Apache Killer," the DoS tool appeared Aug. 19 on the "Full Disclosure" security mailing list. The Apache Software Foundation acknowledged on Aug. 24 that the vulnerability the tool targets existed, and promised a fix for Apache 2.0 and 2.2 "in the next 96 hours."

Apache is the most widely used Web server software in the world, accounting for 65.2 percent of all such software currently in use, according to United Kingdom-based security consultancy Netcraft. The Apache team said all versions of the software in the 1.3 and 2.0 lines have the DoS bug and are vulnerable to attack. Apache 1.3 is no longer supported and administrators should have moved on to more recent versions already.



http://www.eweek.com/c/a/Security/Apache-Confirm-DoS-Vulnerability-in-Web-Server-Promises-Quick-Patch-161249/

Nice info. Thanks for the update!