Apache database open to remote attack

Companies running a popular open-source database on Apache servers run the risk of falling victim to a critical security flaw.

The flaw affects firms running Apache with a PostgreSQL database, potentially allowing remote attackers to compromise systems.

Open-source software company Red Hat warned of the flaw and issued a patch to prevent users falling victim to the vulnerability in the mod_auth_pgsql module.

Download this free guide

Enhancing digital customer engagement with CRM

Learn about customer relationship management has evolved towards engaging with customers through every channel, with digital at the forefront.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

This module allows Apache users to authenticate information held in the open-source PostgreSQL database.

Security software companies including iDefense and Secunia have discovered several format string flaws in the way mod_auth_pgsql logs information. The flaws could allow unauthenticated remote attackers to execute malicious code using the same privileges held by the Apache user.

Other open-source software companies, including Ubuntu and Mandriva, have also issued patches against the problem.

Apache is the most widely used server software on the internet.