Posted: Thu Aug 25, 2005 5:28 am Post subject: [ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerabili
Gentoo Linux Security Advisory
Title: Apache 2.0: Denial of Service vulnerability (GLSA 200508-15)
Date: August 25, 2005
Updated: December 30, 2007
A bug in Apache may allow a remote attacker to perform a Denial of Service
The Apache HTTP Server Project is a featureful, freely-available HTTP
Vulnerable: < 2.0.54-r9
Unaffected: >= 2.0.54-r9
Unaffected: < 2.0
Architectures: All supported architectures
Filip Sneppe discovered that Apache improperly handles byterange
requests to CGI scripts.
A remote attacker may access vulnerable scripts in a malicious way,
exhausting all RAM and swap space on the server, resulting in a Denial
of Service of the Apache server.
There is no known workaround at this time.
All apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.54-r9"
ASF Bugzilla Bug 29962
Last edited by GLSA on Mon Apr 29, 2013 4:20 am; edited 5 times in total
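
For auditing hosts against the ranges listed above (vulnerable below 2.0.54-r9, unaffected below 2.0 or at 2.0.54-r9 and later), the following POSIX shell functions classify a version string. This is an added example, not part of the advisory or of Portage; the function names are hypothetical, and it assumes versions made of dotted integers with an optional "-rN" revision, compared as plain integers.

```shell
# Added example: classify a www-servers/apache version against GLSA 200508-15.
# Assumption: versions are dotted integers with an optional Gentoo "-rN"
# revision; anything else (such as _p or _rc suffixes) is reported as "unknown".

valid_ver() {
    base=${1%-r*}
    case $base in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $1 in
        *-r*) case ${1##*-r} in ''|*[!0-9]*) return 1 ;; esac ;;
    esac
    return 0
}

# vercmp A B: prints -1, 0 or 1. Components are compared numerically left to
# right; when one version runs out of components first it is the lower one;
# the -rN revision (default 0) breaks ties, so -r10 sorts after -r9.
vercmp() {
    a_num=${1%-r*}; b_num=${2%-r*}
    a_rev=0; b_rev=0
    case $1 in *-r*) a_rev=${1##*-r} ;; esac
    case $2 in *-r*) b_rev=${2##*-r} ;; esac
    while [ -n "$a_num" ] || [ -n "$b_num" ]; do
        [ -z "$a_num" ] && { echo -1; return; }
        [ -z "$b_num" ] && { echo 1; return; }
        a_c=${a_num%%.*}; b_c=${b_num%%.*}
        [ "$a_c" -lt "$b_c" ] && { echo -1; return; }
        [ "$a_c" -gt "$b_c" ] && { echo 1; return; }
        # Drop the component that was just compared.
        case $a_num in *.*) a_num=${a_num#*.} ;; *) a_num= ;; esac
        case $b_num in *.*) b_num=${b_num#*.} ;; *) b_num= ;; esac
    done
    [ "$a_rev" -lt "$b_rev" ] && { echo -1; return; }
    [ "$a_rev" -gt "$b_rev" ] && { echo 1; return; }
    echo 0
}

# glsa_200508_15_status VERSION: prints vulnerable, unaffected or unknown.
glsa_200508_15_status() {
    valid_ver "$1" || { echo unknown; return 0; }
    if [ "$(vercmp "$1" 2.0)" -lt 0 ]; then
        echo unaffected        # Unaffected: < 2.0
    elif [ "$(vercmp "$1" 2.0.54-r9)" -lt 0 ]; then
        echo vulnerable        # Vulnerable: < 2.0.54-r9
    else
        echo unaffected        # Unaffected: >= 2.0.54-r9
    fi
}
```

Pass the installed package version as the only argument, for example `glsa_200508_15_status 2.0.54-r8`.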