All of the affected web servers that we have examined use the Linux 2.6 kernel.
For clarity, the old kernel is a common indicator on the compromised hosts.
Okay, so between 2003 and 2011 there have probably been 3 dozen versions of that kernel. The overwhelming majority of Linux-based web servers run the vetted, thoroughly tested and patched, tried and true 2.6 series Linux Kernel. This makes me concerned Cisco doesn't understand what it means to run a production system. Also, what do they even mean by "web server"? Are we to assume Apache? Because there are alternatives in use... lots. Considering most Linux-based web servers are running a variation of the 2.6 kernel, then of course that's where they will find the attacks (Duh anyone?). I would be much more interested in what web server we are talking about and any commonality between them over the kernel of the operating system. I am shaking my head trying to figure out what this article is really trying to communicate, especially since they practically shoot down most of their article with the "Update" at the top.
Although users of Cisco’s Cloud Web Security solution are protected from this attack...
Oh, I get it now.
Marriage is the triumph of imagination over intelligence. Second marriage is the triumph of hope over experience.