Grave exploit descubierto para Apache < 2.2.15

Se ha se descubierto un grave exploit para Apache. La compañía de seguridad “Sense of Security” descubrió un serio bug en los servidores web Apache que podría permitir a un atacante remoto obtener control sobre una base de datos. Una vulnerabilidad existente en el módulo “mod_isapi” del core de Apache podría permitir a un atacante obtener privilegios de administrador, comprometiendo seriamente la seguridad de la información. Se recomienda actualizar a la versión 2.2.15 de Apache que corrige el bug.
Ampliación de la noticia en inglés original:

Fixed in Apache httpd 2.2.15 
important: mod_isapi module unload flaw CVE-2010-0425
A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution.

Acknowledgements: We would like to thank Brett Gervasoni of Sense of Security for reporting and proposing a patch fix for this issue.

Update Released: 5th March 2010

Affects: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

low: Subrequest handling of request headers (mod_headers) CVE-2010-0434
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request’s array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the input headers for a subrequest would poison the parent request in two ways, one by modifying the parent request, which might not be intended, and second by leaving pointers to modified header fields in memory allocated to the subrequest scope, which could be freed before the main request processing was finished, resulting in a segfault or in revealing data from another request on threaded servers, such as the worker or winnt MPMs.

Acknowledgements: We would like to thank Philip Pickett of VMware for reporting and proposing a fix for this issue.

Update Released: 5th March 2010

Affects: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

moderate: mod_proxy_ajp DoS CVE-2010-0408
mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service.

Acknowledgements: We would like to thank Niku Toivola of Sulake Corporation for reporting and proposing a patch fix for this issue.

Update Released: 5th March 2010

Affects: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
 Fuente

Comentario:
A todos los que tienen servidores con Apache, actualizar al 2.2.15 indicado

saludos

ms, 9-3-2010