From: Cetin, Gorkem (gorkem@gelecek.com.tr)
Date: Tue 02 Jul 2002 - 12:49:54 EEST
---------- Forwarded message ----------
Date: Mon, 1 Jul 2002 13:44:42 +0100 (BST)
From: Mike Prettejohn <mhp@netcraft.co.uk>
To: gorkem@gelecek.com.tr
Subject: June 2002 Netcraft Web Server Survey
The June 2002 Netcraft Web Server Survey is out;
http://www.netcraft.com/survey/
Top Developers
Developer May 2002 Percent June 2002 Percent Change
Apache 21120388 56.21 23154909 59.67 3.46
Microsoft 11902821 31.68 11239613 28.96 -2.72
Zeus 849089 2.26 799173 2.06 -0.20
iPlanet 824245 2.19 687004 1.77 -0.42
Active Sites
Developer May 2002 Percent June 2002 Percent Change
Apache 10411000 65.11 10964734 64.42 -0.69
Microsoft 4121697 25.78 4243719 24.93 -0.85
iPlanet 247051 1.55 281681 1.66 0.11
Zeus 214498 1.34 227857 1.34 0.00
Around the Net
Web more vulnerable to attack now than at any time previously.
The publication of serious vulnerabilities in Microsoft-IIS and Apache
over the last three weeks has created a situation where a majority of
internet sites are likely to be accessible to remote exploit. On 11th
June, Microsoft released a trio of advisories, the most serious of
which referred to a [2]HTR buffer overflow that could be used to
remotely compromise machines running Microsoft-IIS.
Although Netcraft can not explicitly test for the vulnerability
without prior permission from the sites, around half of the
Microsoft-IIS sites on the internet have .[3]htr mapping enabled,
which indicates that the site is likely to be vulnerable to the
attack, and indeed that some number will already be under the control
of an external attacker.
On the 17th June it was [4]reported that many versions of the Apache
web server were vulnerable to a buffer overflow through flawed
functionality affecting its "Chunked Encoding" mechanism. If
exploited, this could lead to a remote system compromise and exploits
are already known to have been been developed for Windows, FreeBSD and
OpenBSD. There is an active debate on whether exploits are possible
for Linux and Solaris.
Apache administrators have reacted quite quickly to the problem, and
within a week of first publication, well over 6 million sites have
been upgraded to Apache/1.3.26, issued by the Apache project in
response to the problem. However, this still leaves around 14 Million
potentially vulnerable Apache sites.
With over half of the internet's web servers potentially vulnerable,
conditions are ripe for an epidemic of attacks against both
Microsoft-IIS and Apache based sites, and the first [5]worm,
targeting sites running Apache on FreeBSD, has been spotted this
weekend.
Although potentially very disruptive, worms have a positive aspect, in
that they draw the administrators attention to vulnerable servers, and
once patched the server is usually no longer available as a platform
for more insidious activity. Last year, immediately prior to the Code
Red worm, Netcraft was finding that around 1 in six ecommerce sites
running Microsoft-IIS taking a security test from Netcraft for the
first time had already been successfully compromised, and had a
backdoor giving an external attacker control over the machine. The
clear up from Code Red had the positive effect of flushing the
majority of these backdoors out of the internet.
Additionally, Microsoft has yesterday announced [6]details of some
severe vulnerabilities in its Commerce Server software which give
remote attackers the ability to execute arbitrary code on the server.
There are around 36,000 sites using Commerce Server [or Site Server,
its predecessor] including a significant number of ecommerce sites and
banks.
It is noteworthy that the vulnerabilities are equally applicable to
SSL sites, and that in particular, most intrusion detection (IDS)
facilities will not flag attacks implemented over SSL because the
traffic is encrypted. This can provide a false sense of confidence to
administrators, and, symmetrically, a suitable means of a stealthy
attack.
Everyone is encouraged to test their networks for vulnerabilities;
details on Netcraft's own security testing services are available
[1]here.
References
1. http://www.netcraft.com/security/
2. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-028.asp
3. http://www.netcraft.com/security/public-advisories/htr.html
4. http://httpd.apache.org/info/security_bulletin_20020620.txt
5. http://dammit.lt/apache-worm
6. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-033.asp
Internet Research from Netcraft.
Netcraft does commercial internet research projects. These include
custom cuts on the Web Server Survey data, hosting industry analysis,
corporate use of internet technology and bespoke projects. All of the data
is gathered through network exploration, not teleresearch.
Network Security Testing from Netcraft.
Netcraft provides automated network security testing of customer networks
and consultancy audits of ecommerce sites, Clients include IBM,
Hewlett Packard, Deloitte & Touche, Energis, Britannic Asset Management,
Guardian Royal Exchange, Lloyds of London, Laura Ashley, etc.
Details at http://www.netcraft.com/security/
To unsubscribe from the Netcraft Web Server Survey Announcements list
send the message
unsubscribe webserver-survey
To resubscribe send the message
subscribe webserver-survey
Mike
-- Mike Prettejohn mhp@@netcraft.com Phone +44 1225 447500 Fax +44 1225 448600 Netcraft Rockfield House Granville Road Bath BA1 9BQ England----------------------------------------------------------------------- Liste üyeliğiniz ile ilgili her türlü işlem için http://liste.linux.org.tr adresindeki web arayüzünü kullanabilirsiniz. Listeden çıkmak için: 'linux-request@linux.org.tr' adresine, "Konu" kısmında "unsubscribe" yazan bir e-posta gönderiniz. -----------------------------------------------------------------------