The Apache Software Foundation has rushed out another update to the Apache 2.0 HTTP Server because of a significant denial-of-service vulnerability discovered and reported by security research firm iDefense.

An announcement from the Foundation warned that prior Apache 2.0 versions through 2.0.44 contained a serious DoS flaw.

Details of the vulnerability have been embargoed until April 8, but the group wanted to issue a safe upgrade after an embarrassing incident last June, when a high-risk exploit was released on security mailing lists before a patch could be issued.

"No more specific information is disclosed at this time, but all Apache 2.0 users are encouraged to upgrade now," the ASF said. The two security flaws affect all platforms.

That June exploit made the rounds on the popular Bugtraq list with the warning that the Apache exploit tool was "./friendly," meaning anyone with basic scripting capabilities "should be able to run it without any trouble." The release of the source code for the exploit added new fuel to the controversy over how the bug announcement was handled. The original warning was first reported by the ISS, causing friction between the security outfit and the Apache Foundation.

Apache officials were upset that they weren't notified before the ISS issued its advisory and patch; advance notification is a normal procedure when bugs are detected.

This time around, the Foundation is taking no chances, urging users to upgrade immediately before details are released in a week's time.

The latest Apache 2.0.45 release also eliminates leaks of several file descriptors to child processes, such as CGI scripts, which could constitute a security threat on servers that run untrusted CGI scripts.

For OS2 users, Apache's announcement contained an ominous warning that the 2.0.45 release would still contain the DoS vulnerability. The Foundation promised a fix for that flaw with an upcoming release of version 2.0.46 but insisted the DoS issues were "too important" to delay further.

Apache is an open-source Web server project developed and maintained by volunteers within the ASF. Latest statistics from Netcraft show Apache dominating the Web server market, with 63 percent, or nearly 24.5 million sites, well ahead of server products from Microsoft and Sun Microsystems.