More than half of the Web servers in use today could be vulnerable
to worm attacks, according to UK vulnerability testing site
Netcraft.
In the Microsoft Internet Information Services (IIS) world,
Netcraft tests showed that more than half of the servers currently
in use do not appear to have disabled HTR features, despite the
warning Microsoft put out on 10 June about an HTR chunked encoding
buffer overrun vulnerability.
HTR scripts allow users to change passwords and allow
administrators to perform various password management tasks.
Carefully encoded HTR scripts could allow a hacker to plant
malicious code such as a worm.
Although Netcraft cannot say for certain whether the patch has been
applied to any of these servers, the company assumes that many will
not have been patched.
Chunked encoding is also a vulnerable area on Apache Web servers,
for which a warning was issued on 17 June. According to Netcraft,
more than six million sites have taken immediate action, but this
leaves 14 million still vulnerable.
Netcraft said, "Conditions are ripe for an epidemic of attacks
against both Microsoft IIS and Apache-based sites." As if to
illustrate Netcraft's point, an Internet worm called Scalper has
started attacking Apache Web servers running on the FreeBSD
operating system. The worm scans for vulnerable sites and installs
a backdoor through which a hacker could penetrate a system. This
may be the thin end of a wedge that could prise open other
Unix-like systems.