An exploit was discovered that allows a malicious user to terminate the Apache server running on Win32 or OS2. Depending on the specific OS version, the server would stop listening to further requests until the administrator cleared the fault, but in all cases the server would not respond until it completed its restart, which could take up to one minute. Current responses from the server would be terminated.
The fixfault_win32_os2-1.3.19.patch file is available here. Since many Win32 and OS2 users rely on binary releases, the replacement for the core binary module file is available in the win32 and os2 folders below. Please read the information on those download pages carefully.
Users of older versions of Apache on Win32 and OS2 platforms are cautioned to to upgrade to 1.3.19 and apply this fix. All Win32 and OS2 users are strongly encouraged to upgrade to 1.3.20 once it is released.
No other operating systems are effected by the vulnerability. We are not aware of any exploits of this vulnerability other than denial of service to Win32 and OS2 servers.