The Web is more vulnerable to attack now than at any time previously.
That's the stark conclusion of Netcraft's latest monthly survey of Web servers, which expresses concerns over the emergence of serious vulnerabilities in both Microsoft's IIS and Apache Web servers over the last month.
On June 11, Microsoft released a trio of advisories, the most serious of which referred to a HTR buffer overflow that could be used to remotely compromise machines running Microsoft-IIS.
Although Netcraft can not explicitly test for the vulnerability without prior permission from the sites, around half of the Microsoft IIS sites on the internet have HTR buffer overflow enabled, making it likely that many will be vulnerable to attack.
Days later it was reported that many versions of the Apache Web server were vulnerable to a buffer overflow because of a flaw in the Web server's "Chunked Encoding" mechanism.
Netcraft's report says: "With over half of the Internet's web servers potentially vulnerable, conditions are ripe for an epidemic of attacks against both Microsoft-IIS and Apache based sites, and the first worm, targeting sites running Apache on FreeBSD, has been spotted this weekend."
News source: The Register
View: The entire article