The Apache Software Foundation Inc.'s Apache HTTP Server has earned what many hope for and few achieve: an enviable security reputation. This achievement is especially striking when contrasted with Microsoft Corp.'s IIS (Internet Information Services) Web server (see story), which has . . .
The Apache Software Foundation Inc.'s Apache HTTP Server has earned what many hope for and few achieve: an enviable security reputation. This achievement is especially striking when contrasted with Microsoft Corp.'s IIS (Internet Information Services) Web server (see story), which has gained the reputation of having more holes than Swiss cheese.

A study of Apache security advisories dating back to Apache 1.0 shows the server's last serious problem (one where remote attackers could run arbitrary code on the server) was announced in January 1997. This problem was a buffer overflow in Apache's cookie module that was fixed in Apache 1.1.3.

The link for this article located at ZDNet eWeek is no longer available.