Apache Bug Could Leak Data


A security researcher found a vulnerability that could result in a memory leak of servers running Apache software—but only in shared environments and in some rare configurations, according to a security researcher.

Researcher Hanno Bock released a report Sept. 18 on Optionsbleed, a vulnerability in the Apache HTTP Server Project that allows servers to send back data after a malformed request, according to Naked Security. That returned data could be the users—or whatever is laying around on the server.

The vulnerability isn’t widespread, affecting about 466 out of 1 million sites, according to tests.