Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a pre-recorded Black Hat conference presentation that delves deep into the security vulnerabilities of Apache HTTP Server through the lens of module interactions and semantic ambiguity. Learn how seemingly innocuous structure modifications can cascade through multiple layers of the server architecture, creating various attack vectors. Discover two novel types of Confusion Attacks that enable navigation between HTTP server modules, leading to exploits ranging from arbitrary source code disclosure to ACL bypasses, SSRF vulnerabilities, and even remote code execution. Gain valuable insights for developers on avoiding problematic module development, help server administrators identify potential vulnerabilities, and equip security researchers with knowledge to uncover similar hidden issues. Through detailed analysis of the Apache HTTP Server's modular architecture, which handles one-third of web server traffic worldwide, understand how implementation details and inter-module communication gaps can be exploited to compromise web security.
