RealTime IT News

Apache Refreshes Web Server Line

The Apache Software Foundation (ASF) has released a new update to its Apache 1.3.x Web Server line. Apache 1.3.32 includes numerous bug fixes and a critical vulnerability fix.

The new Web server fixes CAN-2004-0492, a heap-based buffer overflow that exists in Apache Web Server versions 1.3.25 through 1.3.31. The vulnerability could allow a malicious remote user to cause a denial of service and potentially even execute arbitrary code.

Among the numerous bug fixes in Apache 1.3.32 are a trio for the popular mod_rewrite module, which allows URLs to be rewritten from complex multi-character, multi-string addresses to simpler and more user-friendly addresses.

Rewriting URLs is important both for search engines, which in some cases need it to properly spider a site, and for users who want to type in a simple Web address rather than type in (or copy) a long, complex address full of various strings. The mod_rewrite bugs fixed in this version of Apache include a query string fix for handling proxied URLs and a fix for 0 bytes written into a random memory position. It also includes a fix for a memory leak in the cache handling of mod_rewrite.

Apache Web servers have dominated the web server space for more than eight years. The latest Netcraft Web Server Survey for October 2004 revealed Apache's dominant position with more than 67 percent of all Web sites on the Internet being served by an Apache Web Server.

The ASF itself is also none too shy to tout its position, stating in the release announcement for Apache 1.3.32 that, "Apache is the most popular Web server in the known universe; over half of the servers on the Internet are running Apache or one of its variants."

However, the Apache 1.3.x line is technically not supposed to be the leading edge of Apache development. The Apache 2.x branch began development in earnest in 1998. The ASF has been using Apache 2.x to run apache.org since December 2000, and the first production-ready version of Apache 2.x was released in April of 2002. The latest version of the Apache 2.x branch, 2.0.52, was released in late September.

As far back as the 2.0.35 release, the ASF was encouraging Apache users to migrate to the new branch. Yet in spite of that, the Apache 1.3.x line still persists and arguably remains more pervasive than its successor.