|
|
|
|
Apache Denial of Service and Potential System Compromise Vulnerabilities
|
|
Secunia Advisory:
|
SA8881
|
|
|
Release Date:
|
2003-05-28
|
|
Popularity:
|
12,252 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Apache 2.0.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2003-0189
CVE-2003-0245
|
|
Description:
Two vulnerabilities have been reported in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system or potentially compromise it.
1) The vulnerability can be exploited through "mod_dav" and potentially also other mechanisms. Successful exploitation can result in a DoS and may also allow execution of arbitrary code with the privileges of the web service according to a Red Hat advisory (see "Other References").
Versions 2.0.37 through 2.0.45 have been reported as vulnerable.
Apache Software Foundation states that further information regarding this vulnerability will be released on 30th May.
2) The vulnerability is caused due to an error in the basic authentication module and has been reported to affect versions 2.0.40 through 2.0.45 on Unix platforms. This can be exploited to cause a DoS, which makes Basic Authentication fail until the web service is restarted.
Successful exploitation requires that a threaded MPM (Multi-Processing Modules) is used.
Solution:
Upgrade to version 2.0.46:
http://httpd.apache.org/download.cgi
Provided and/or discovered by:
1) David Endler
2) John Hughes
Original Advisory:
http://www.apache.org/dist/httpd/Announcement2.html
Other References:
https://rhn.redhat.com/errata/RHSA-2003-186.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
19th Nov, 2008
|
New advisories:
|
9 |
|
New vulnerabilities:
|
26 |
|
Updated advisories:
|
61 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
18th Nov, 2008
|
New advisories:
|
27 |
|
New vulnerabilities:
|
38 |
|
Updated advisories:
|
26 |
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
