9994 : Apache HTTP Server apr-util IPV6 Parsing DoS
Printer | http://osvdb.org/9994 | Email This | Edit Vulnerability

Views This Week

Views All Time

108

Info

Last Modified

8 months ago

Percent Complete

90%

Disclosure

Sep 15, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The IPv6 URI parsing routines in the apr-util library for Apache HTTP Server and IBM HTTP Server contains a flaw that may allow a remote denial of service. With a specially crafted URI request, a remote attacker could cause a httpd child process to crash, resulting in a loss of availability for the service.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.0.51 or higher or apply the patch from IBM, as it has been reported to fix this vulnerability.

Products

Apache Software Foundation	HTTP Server	2.0.40
		2.0.42
		2.0.43
		2.0.44
		2.0.45
		2.0.46
		2.0.47
		2.0.35
		2.0.36
		2.0.37
		2.0.39
		2.0.48
		2.0.49
		2.0.50

International Business Machines Corporation	HTTP Server	2.0.47
		2.0.47.1
		2.0.42.2

Hewlett-Packard Development Company, L.P.

Secure Web Server (SWS)

6.3

References

Security Tracker: 1011299
Secunia Advisory ID: 12540 12922 13025
ISS X-Force ID: 17382
CVE ID: 2004-0786 (see also: NVD)
Related OSVDB ID: 9991
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868
http://security.gentoo.org/glsa/glsa-200409-21.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:096
http://www.suse.de/de/security/2004_32_apache2.html
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-3404.txt
Vendor URL: http://httpd.apache.org/
http://www.ibm.com/us/
Vendor Specific Advisory URL: http://www-1.ibm.com/support/docview.wss?rs=177&uid=swg24007795
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01090
Vendor Specific Solution URL: http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0786.patch
http://www.apacheweek.com/features/security-20
Keyword: PQ94086
RedHat RHSA: RHSA-2004:463

Tools & Filters

Nessus	14731 14736 14748 14752 14761 14764 14765 14766 15898
Snort	5715

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apache Software Foundation

HTTP Server

International Business Machines Corporation

HTTP Server

Hewlett-Packard Development Company, L.P.

Secure Web Server (SWS)

References

Tools & Filters

Credit

Blogs

Comments