HTTP Apache Redundant Slashes Dos

  • Thread starter Thread starter Chris Suckling
  • Start date Start date
C

Chris Suckling

Can anyone help ?

I have gone to the Nortons Antivirus website to find out what this
particular virus is and does and to be honest am confused given the scant
information provided by the site as to what it actually is and does. It
mentions upgrading the Apache Server Software, the thing is i have no idea
of what this actually does and whether i actually use it or not.

Having mentioned this problem on a number of website i wondered whether
there was any solution that could be found and what it would involve to
solve it.
 
Chris Suckling said:
Can anyone help ?

I have gone to the Nortons Antivirus website to find out what this
particular virus is and does and to be honest am confused given the scant
information provided by the site as to what it actually is and does. It
mentions upgrading the Apache Server Software, the thing is i have no idea
of what this actually does and whether i actually use it or not.

Having mentioned this problem on a number of website i wondered whether
there was any solution that could be found and what it would involve to
solve it.
Click to expand...

Looks to me (from the name alone) to be a detection of an exploit
(denial of service) for an Apache server that isn't up to date. If you
were running an Apache server I would think you would know you were
doing so.

Is this detection form the AV or from a firewall's IDS component?
 
I have gone to the Nortons Antivirus website to find out what this
particular virus is and does and to be honest am confused given the scant
information provided by the site as to what it actually is and does. It
mentions upgrading the Apache Server Software, the thing is i have no idea
of what this actually does and whether i actually use it or not.
Click to expand...

Are you running a very old version (pre 1998) of the Apache webserver on your
computer, allowing others to access websites on your system? If not, don't worry
about it.

It only affects webservers running apache 1.24 or older. If you are
running an old version of apache, go to http://httpd.apache.org/
to get a newer version.

Note that there are major configuration changes between 1.3.33, and the 2.0 series,
as "Apache 2.0 add-in modules are not compatible with Apache 1.3 modules"

So if your upgrading from 1.24 to the latest 2.1.6-alpha, it's best
to do a fresh install. I can't find 1.25 on the mirrors. The oldest
they currently carry is 1.3, which appears to have been released in Jun. 98.

Btw, what the bug actually does is cause the server to stop responding, if someone
enters a url like http://some.domain.invalid/pub////////////file
The extra slashes would be removed (if you had enough ram), but it would take a
long time. Without enough ram, it would crash the server.

Regards, Dave Hodgins
 
Back
Top