The Apache Software Foundation has fixed two vulnerabilities in its ubiquitous Web server, including a cross-site scripting bug that could enable an attacker to upload files to a remote server. The new version of the Apache HTTP Server also includes updates that resolve dozens of other, non-security related bugs.
The 2.4 branch of the Apache Web server is the newest one and has a slew of new features and updates that arenβt included in the 2.2 branch. This latest release, version 2.4.3, contains two significant security updates and also includes a fix for a known issue with Apache running on Windows that would cause SSL connections to fail.
The two security bugs fixed in Apache 2.4.3 include the potential XSS vulnerability, as well as a problem with the closing of some back-end connections that could result in a privacy problem. Here is the security content of the 2.4.3 release:
The SSL issue on Windows was a separate problem and has been resolved now. In addition to the security vulnerabilities fixed in Apache 2.4.3, there also are a slew of bug fixes that are designed to improve the performance and reliability of the server. Apache is the most widely used Web server on the Internet and still has roughly 60 percent of the market share right now, according to Netcraft.