Apache contains a flaw that may allow a remote denial of service. The issue is triggered when overly long header lines starting with either a TAB or SPACE character are processed by the "ap_get_mime_headers_core()" function, and will result in loss of availability for the service.

Upgrade to version 2.0.50 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1010599 1010621
• Secunia Advisory ID: 11956 11967 12004 12023 12098 12181 12244 12646
• CVE ID: 2004-0493 (see also: NVD)
• Milw0rm: 360 371
• Exploit Database: 360 371
• Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868
  http://rhn.redhat.com/errata/RHSA-2004-342.html
  http://www.apacheweek.com/features/security-20
  http://www.guninski.com/httpd1.html
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:064
  http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01064
• Vendor Specific Advisory URL: http://security.gentoo.org/glsa/glsa-200407-03.xml
  http://www-1.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21174271&loc=en_US&cs=utf-8&lang=en+en
• Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg24007451
• Vendor URL: http://www.apache.org
  http://www.apachefriends.org/en/xampp-linux.html
• Generic Exploit URL: http://www.securiteam.com/exploits/5TP0Q0ADFO.html

• Georgi Guninski - guninskiguninski.com - Personal Page