Hosted on MSN

New York orders urgent patch for critical Apache HTTP/2 flaw

What’s the flaw?: A memory corruption bug in Apache HTTP/2 can enable denial-of-service or remote code execution without authentication. Why the urgency?: New York’s IT agency confirmed working ...
Ars Technica

Apache Authentication

See the entry Can I use my /etc/passwd file for Web page authentication? in the Apache FAQ. They say it's a very bad idea. If you still want to do it, take a look at mod_auth_pam, an Apache module ...
Ars Technica

Apache authentication based on the IP address

I wonder if this is possible to achieve using an .htaccess file.<br>I have a few virtual sites on a Apache server (2.0.43), that I have password protected it with an .htaccess file, everything is ...
TechRadar

These vulnerabilities in Apache HTTP Server enable HTTP Request Smuggling and SSL Authentication Bypass, posing severe threats to organizations worldwide

These vulnerabilities present a severe risk to organizations that rely on Apache HTTP Server especially the systems using versions 2.4.0 through 2.4.61. There are over 7.6 million instances exposed to ...
Bleeping Computer

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits. Apache OFBiz (Open For Business) is an ...
Simon Fraser University

CAS Apache module

Before SFU adopted CAS as its authentication method for the web, we already had an Apache authentication/authorization module that allowed limited access control ...