July 2002

Apache is safer from hacking if it’s installed on HP 3000s

Another security hole emerged for software used across multiple server platforms, but just like the last breach reported, HP 3000 systems were safe from malice. Apache, the Web server in use across the majority of the world’s Web sites, is vulnerable to denial-of-service attacks, according to CERT Security Advisory CA-2002-17. The advisory reports that the handling of large data chunks in Apache-based Web servers (both the 2.0 versions and the 1.3.x versions) leaves companies using Apache open to DoS attacks or, worse, to rogue code being executed on targeted servers. HP-UX servers have to download patches from HP to resolve the problem, but HP 3000 customers are immune.

According to Mark Bixby, the HP engineer who first ported Apache to MPE/iX, “MPE isn't vulnerable to executions of arbitrary code via stack overflows. The most trouble this Apache problem will cause on MPE is for child processes to abort and then be respawned. We currently have no plans to rush out a 1.3.26 patch.” Sites running Apache on other platforms can get a complete report on the potential for malice at the CERT Web site, http://httpd.apache.org/info/security_bulletin_20020620.txt.


Copyright The 3000 NewsWire. All rights reserved