Newport Beach, CA - August 14, 2002 (PRN):PivX Solutions, a leader in Network Security is pleased to announce the hiring of one of the worlds pre-eminent security researchers, Luigi Auriemma of Milano, Italy. Luigi has been personally responsible for the discovery of hundreds of software bugs and security vulnerabilities in operating systems and software the world over. As a part of Luigi's agreement with PivX Solutions, he will continue to research security vulnerabilities and he will release those finding's through PivX and their exclusive security and media network. Luigi can be reached at aluigi@pivx.com

Today Luigi and PivX have released their discovery of a new vulnerability in Apache 2.0 Server Software. This vulnerability has been classified as an extremely high risk. The vulnerability Luigi has found is a large hole in Windows 32bit Apache Server Software.

Red Hat Director of Engineering and Editor of ApacheWeek Mark J. Cox warned of an Apache 2.0 vulnerability which could allow an attacker to "inflict serious damage to a server, and reveal sensitive data."

The flaw, discovered by Pivx bug-hunter Auriemma Luigi, affects default installations of the Apache Web server in non-Unix platforms like Windows OS2 and Netware. The flaw does not appear to affect UNIX and other variant platforms, Cox said, though he noted that Cygwin users are likely to be affected. Luigi notified the Apache Software Foundation of the vulnerability last Wednesday. PivX applauds the speedy response time of the Apache foundation regarding this vulnerability, a fixed version was produced within 24hours of finding the bug.

PivX has provided a simple fix to the insidious hole. Prior to the first 'Alias' or 'Redirect' directive, simply add the following directive to the global server configuration:
* RedirectMatch 400 "\\\.\."
The fixes for the vulnerability are included in Apache version 2.0.40, in addition to fixes for a number of less serious security flaws. Both the Apache Software Foundation and Luigi plan to release more information in the coming weeks. For more information on the workaround and the vulnerability please visit http://www.pivx.com.

About PivX Solutions

PivX Solutions, is a premier network security consultancy offering a myriad of network security services to our clients, the most notable being our proprietary Risk and Vulnerability Assessment (RAVA). Dedicated PivX founders have also developed the patented Invisiwall™ network security device which offers the most comprehensive and secure intrusion detection system available.

For more information contact Geoff Shively CHO and Co-founder: gshively@pivx.com.

Press Inquiries: press@pivx.com or rob@centrifgepartners.com

Information from Press Release Network may be freely distributed to any publication. Wherever applicable, please cite Press Release Network as the news source.

DISCLAIMER: The content of each press release is the responsibility of the publishing organization and is not vetted or approved by Press Release Network prior to publication. Press Release Network is not liable directly or indirectly for any direct or consequential loss, damage or expense resulting from the material disseminated and published on the site. Subscribers are advised to check the accuracy of all press releases and to obtain their own professional advice in relation to such information.