off-sites

A recently discovered security vulnerability in Apache HTTP server 2.2.14 or lower, which could allow a remote attacker to gain complete control of a database, posts very limited threat for Off-sites users.

The vulnerability is limited to the mod_isapi module which is not configured to be used in our Apache HTTP server configuration. Therefore the module can not be invoked. Furthermore the actual vulnerability has only been shown in laboratory conditions and has not been spotted "in the wild" yet.

Next releases of the Off-sites Suite will include the Apache HTTP server version 2.2.15 (or higher) where this vulnerability is resolved to prevent future exploits.

An upgrade manual has been prepared for users who would prefer an upgrade of there current Apache HTTP server to the new 2.2.15 release. Contact Application support for this.