GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Thu Aug 25, 2005 5:28 am Post subject: [ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerabili
Gentoo Linux Security Advisory
Title: Apache 2.0: Denial of Service vulnerability (GLSA 200508-15)
Severity: normal
Exploitable: remote
Date: August 25, 2005
Updated: December 30, 2007
Bug(s): #102991
ID: 200508-15
Synopsis
A bug in Apache may allow a remote attacker to perform a Denial of Service
attack.
Background
The Apache HTTP Server Project is a featureful, freely-available HTTP
(Web) server.
Affected Packages
Package: www-servers/apache
Vulnerable: < 2.0.54-r9
Unaffected: >= 2.0.54-r9
Unaffected: < 2.0
Architectures: All supported architectures
Description
Filip Sneppe discovered that Apache improperly handles byterange
requests to CGI scripts.
Impact
A remote attacker may access vulnerable scripts in a malicious way,
exhausting all RAM and swap space on the server, resulting in a Denial
of Service of the Apache server.
Workaround
There is no known workaround at this time.
Resolution
All apache users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.54-r9"
References
ASF Bugzilla Bug 29962
CVE-2005-2728
Last edited by GLSA on Mon Apr 29, 2013 4:20 am; edited 5 times in total
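The ranges in the Affected Packages section can be checked mechanically across a set of hosts. The following Python code is an added example, not part of the GLSA or of Portage; the host names and installed versions are constructed, and it assumes plain numeric versions with an optional -rN revision.

```python
import re

# Ranges copied from the advisory's "Affected Packages" section.
BRANCH_START = "2.0"   # Unaffected: < 2.0
FIXED = "2.0.54-r9"    # Unaffected: >= 2.0.54-r9

# Assumption: plain numeric versions with an optional -rN revision only
# (no _rc/_pre/_p suffixes, no trailing letters, no leading zeros).
_VERSION_RE = re.compile(r"^((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$")
_ATOM_RE = re.compile(r"^www-servers/apache-(\d.*)$")


def parse_version(text):
    """Turn 'X.Y.Z[-rN]' into ((X, Y, Z), N); a missing revision counts as r0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def status(version):
    """Classify one www-servers/apache version against the advisory's ranges."""
    key = parse_version(version)
    if key < parse_version(BRANCH_START) or key >= parse_version(FIXED):
        return "unaffected"
    return "vulnerable"


def audit(inventory):
    """Map each host to a status, given {host: 'www-servers/apache-<version>'}."""
    report = {}
    for host, atom in inventory.items():
        m = _ATOM_RE.match(atom)
        report[host] = status(m.group(1)) if m else "not apache"
    return report


# Constructed sample inventory: hypothetical hosts and installed versions.
SAMPLE = {
    "web1": "www-servers/apache-2.0.54-r8",
    "web2": "www-servers/apache-2.0.54-r9",
    "web3": "www-servers/apache-1.3.33-r12",
    "web4": "www-servers/apache-2.0.52",
    "web5": "www-servers/apache-2.0.54-r10",
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {result}")
```

The revision is compared as a number, so -r10 sorts after -r9, and a version with no revision (2.0.54) is treated as r0 and therefore still vulnerable.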