Some 75% of Web servers running Apache-SSL, the secure version of the popular open source software, are vulnerable, as they have not been upgraded to fix a serious flaw uncovered in June, according to a Netcraft survey released yesterday (20 August).
Instead, Web administrators seem to have given priority to patching regular Apache installations, said Netcraft. The survey found that around half of the 22 million Web sites that rely on regular Apache software have been patched.
"This is inherently daft," said Netcraft director Mike Prettejohn. "Administrators seem to be patching their most visible, most highly used servers first, rather than those that could present the greatest risk."
Prettejohn said complacency rather than ignorance among Web administrators was to blame. The last six weeks have seen a series of major Internet security scares involving, among others, Apache servers and Microsoft's Commerce Server and Internet Explorer.
Apache-SSL is a combination of the Apache Web server and OpenSSL security software meant to offer secure Web site connections.
Apache is the most used Web server software in the world, with 66% of active sites running Apache, according to Netcraft, which published a monthly survey of global Web server security.