Context security researchers have discovered a security flaw in the Apache Web server that could be used by remote attackers to access internal servers.
"The only prerequisite is that the attackers must know the local host name or the local IP address of the server they intend to access; however, this information can be obtained by brute force," The H Security reports.
"Apache 1.3 and all series 2 versions up to 2.2.20 are affected," the article states. "As a workaround, an extra slash can be added to the rewrite rule. The report from Context also explains how to test whether a server is vulnerable and what to change if this is the case."
Go to "Apache hole allows attackers to access internal servers" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.