(Apple Issues Fix for OS X) Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
SecurityTracker Alert ID: 1012404
SecurityTracker URL: http://securitytracker.com/id?1012404
CVE Reference: CAN-2004-0751
OSVDB Reference: 9742
Date: Dec 2 2004
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2.0.50
Description: A vulnerability was reported in Apache mod_ssl when used as a reverse proxy. A remote user can cause denial of service conditions in a certain configuration.
M. "Alex" Hankins reported that a remote user can trigger a memory error in char_buffer_read() when using a RewriteRule to reverse proxy SSL connections. A remote server can cause Apache to crash.
Impact: A remote server can cause Apache to crash.
Solution: Apple has issued a fix as part of Security Update 2004-12-02, available at:
- Software Update preferences
- Apple Downloads:
http://www.apple.com/swupdates/
Vendor URL: issues.apache.org/bugzilla/show_bug.cgi?id=30134
Cause: Boundary error
Underlying OS: UNIX (OS X)
Underlying OS Comments: Mac OS X Server v10.3.6, Mac OS X Server v10.2.8
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Thu, 2 Dec 2004 16:38:30 -0500
Subject: [none]
Security Update 2004-12-02
Apache
Available for: Mac OS X Server v10.3.6, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-1082
Impact: Apache mod_digest_apple authentication is vulnerable to replay attacks.
Description: The Mac OS X Server specific mod_digest_apple is based on Apache's
mod_digest. Multiple corrections for a replay problem in mod_digest were made in
versions 1.3.31 and 1.3.32 of Apache (CAN-2003-0987). This update corrects the replay
problem in mod_digest_apple authentication using the modifications made to Apache
1.3.32.
Apache
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X
Server v10.2.8
CVE-ID: CAN-2003-0020, CAN-2003-0987, CAN-2004-0174, CAN-2004-0488, CAN-2004-0492, CAN-2004-0885, CAN-2004-0940
Impact: Multiple vulnerabilities in Apache and mod_ssl including local privilege
escalation, remote denial of service and in some modified configurations execution of
arbitrary code.
Description: The Apache Group fixed a number of vulnerabilities between versions 1.3.29
and 1.3.33. The Apache Group security page for Apache 1.3 is located at
http://www.apacheweek.com/features/security-13. The previously installed version of
Apache was 1.3.29. The default installation of Apache does not enable mod_ssl. This
update fixes all of the applicable issues by updating Apache to version 1.3.33 and the
companion mod_ssl to version 2.8.22.
Apache
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X
Server v10.2.8
CVE-ID: CAN-2004-1083
Impact: Apache configurations did not fully block access to ".DS_Store" files or those
starting with ".ht".
Description: A default Apache configuration blocks access to files starting with ".ht"
in a case sensitive way. The Apple HFS+ filesystem performs file access in a case
insensitive way. The Finder may also create .DS_Store files containing the names of
files in locations used to serve web pages. This update modifies the Apache
configuration to restrict access to all files beginning with ".ht" or ".DS_S"
regardless of capitalization.
Apache
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X
Server v10.2.8
CVE-ID: CAN-2004-1084
Impact: File data and resource fork content can be retrieved via HTTP bypassing normal
Apache file handlers.
Description: The Apple HFS+ filesystem permits files to have multiple data streams.
These data streams can be directly accessed using special filenames. A specially
crafted HTTP request can bypass an Apache file handler and directly access file data or
resource fork content. This update modifies the Apache configuration to deny requests
for file data or resource fork content via their special filenames. For more
information, see this document. Credit to NetSec for reporting this issue.
Apache 2
Available for: Mac OS X Server v10.3.6, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0747, CAN-2004-0786, CAN-2004-0751, CAN-2004-0748
Impact: Modified Apache 2 configurations could permit a privilege escalation for local
users and remote denial of service.
Description: A customer-modified Apache 2 configuration, where AllowOverride has been
enabled, could permit a local user to execute arbitrary code as the Apache (www) user.
An unmodified configuration is not vulnerable to this problem. This update also
addresses bugs in Apache that could allow certain types of requests to crash the
server. Apache is updated to version 2.0.52. Apache 2 ships only with Mac OS X Server,
and is off by default.
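The CAN-2004-1083 entry in the message above turns on a case-sensitive deny pattern sitting in front of a case-insensitive filesystem. The following audit sketch is an added example, not code from Apple, Apache or SecurityTracker; the two regular expressions and the sample file names are assumptions that model a "^\.ht" style rule and a case-insensitive replacement, and Python's re module stands in for the web server's pattern matcher.

```python
import itertools
import re

# Assumed patterns (not taken from any shipped configuration):
# a stock case-sensitive rule and a case-insensitive replacement
# covering both ".ht" and ".DS_S" prefixes.
CASE_SENSITIVE_RULE = re.compile(r"^\.ht")
CASE_INSENSITIVE_RULE = re.compile(r"^\.(ht|ds_s)", re.IGNORECASE)

# Constructed sample of names that must never be served.
PROTECTED = [".htaccess", ".htpasswd", ".DS_Store"]


def case_variants(name):
    """Yield every spelling a case-insensitive filesystem resolves to `name`."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in name]
    return ("".join(parts) for parts in itertools.product(*choices))


def uncovered(rule, names=PROTECTED):
    """Return {name: [spellings the deny rule does not match]}.

    An empty dict means the rule blocks every spelling of every name.
    """
    gaps = {}
    for name in names:
        missed = [v for v in case_variants(name) if not rule.search(v)]
        if missed:
            gaps[name] = missed
    return gaps


if __name__ == "__main__":
    for label, rule in (("case-sensitive", CASE_SENSITIVE_RULE),
                        ("case-insensitive", CASE_INSENSITIVE_RULE)):
        gaps = uncovered(rule)
        print(f"{label} rule {rule.pattern!r}:")
        if not gaps:
            print("  every spelling of every protected name is denied")
        for name, missed in gaps.items():
            print(f"  {name}: {len(missed)} spellings not denied, e.g. {missed[-1]}")
```

Running the same check against the deny patterns in a deployed configuration shows whether a protected name has any spelling the rule lets through on a case-insensitive volume.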