Ike.ninja

In the February 2023 survey we received responses from 1,127,630,293 sites across 270,727,775 unique domains, and 12,142,793 web-facing computers. This reflects a loss of 4,638,508 sites, 240,148 domains and 13,907 computers.

OpenResty had the largest percentage growth in sites this month: it is now used by 95,176,082 sites, an increase of 2,884,258 (+3.13%) since last month. This brings its share of sites to 8.44%, up from 8.15% (+0.29pp). OpenResty’s market share by domain count remained stable, with a slight 0.01pp increase this month – its small loss of 14,039 domains was counteracted by the greater loss of domains across all vendors this month.

Cloudflare continues to grow, gaining 1,669,867 sites (+1.49%) and 500,432 domains (+1.89%) since our January survey. Following Cloudflare becoming the most commonly used web server vendor within the top million sites last month, it has started to cement its position: gaining 672 sites (+0.31%) of the top million sites this month, giving it a 21.71% market share (+0.07pp).

Meanwhile, Apache lost 626 sites (-0.29%) in the top million sites, bringing its share to 21.34% (-0.06pp). Outside of the top million, Apache saw more significant losses, netting a decrease of 2,593,754 sites (-1.11%) and 434,071 domains (-0.74%).

Similarly to Apache, nginx lost a significant number of domains this month, being down by 483,620 domains since our January survey (-0.66%). However, nginx maintained its overall site count and even gained 219 of the top million busiest sites, giving it a 21.23% share (+0.02pp) within the top million sites.

The largest loss in sites for a major vendor this month comes from Microsoft, which is down 2,866,173 sites (-9.59%) and 74,094 domains (-0.98%). This continues its consistent downwards trend since December 2018.

Vendor News

• Apache 2.4.55 was released on 17th January 2023. This includes a fix for the CVE-2022-36760 vulnerability. This vulnerability affects configurations using mod_proxy_ajp, a proxy server which forwards requests to an application server using the Apache JServ Protocol (AJP). The vulnerability allowed attackers to smuggle requests to the backend AJP server without being correctly processed by the proxy server.
• AWS announced general availability of its Asia Pacific (Melbourne) region, as well as general availability of Local Zones in Perth and Santiago.
• Microsoft released Azure Load Testing, a service that can test a web application’s resilience to high load.

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

Several security issues were fixed in lighttpd.

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

– fix HTTP multi-header compression denial of service (CVE-2023-23916)

Several security issues were fixed in MPlayer.

Join Josepha as she discusses her top 3 takeaways from the first-ever WordCamp Asia in Bangkok!

New upstream version, including fix for CVE-2023-26081

Security fix for CVE-2023-0056, CVE-2023-25725

Security fix for CVE-2023-0056, CVE-2023-25725

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

Fix a possible DOS involving the Qt SQL ODBC driver plugin.

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.

Brief introduction CVE-2023-22490