SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Server/CGI)  >  Apache Vendors:  Apache Software Foundation
(Gentoo Issues Fix) Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
SecurityTracker Alert ID:  1012183
SecurityTracker URL:  http://securitytracker.com/id?1012183
CVE Reference:  CAN-2004-0942   (Links to External Site)
Date:  Nov 11 2004
Impact:  Denial of service via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 2.0.52 and prior 2.0.x versions
Description:  A denial of service vulnerability was reported in the Apache web server. A remote user can consume excessive resources on the target system.

Chintan Trivedi reported that a remote user can submit multiple, specially crafted HTTP GET requests containing spaces to cause denial of service conditions on the target system.

The vendor later reported that the field length limit is not properly enforced for certain malicious requests.

A demonstration exploit request is provided:

GET / HTTP/1.0\n
[space] x 8000\n
[space] x 8000\n
[space] x 8000\n
.
.
8000 times
Impact:  A remote user can consume excessive resources on the target system.
Solution:  Gentoo has released a fix and indicates that all Apache 2.0 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/apache-2.0.52-r1"
Vendor URL:  httpd.apache.org/ (Links to External Site)
Cause:  Resource error
Underlying OS:  Linux (Gentoo)
Reported By:  Matthias Geerdsen <vorlon@gentoo.org>
Message History:   This archive entry is a follow-up to the message listed below.
Nov 4 2004 Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service


 Source Message Contents
Date:  Wed, 10 Nov 2004 18:02:49 +0100
From:  Matthias Geerdsen <vorlon@gentoo.org>
Subject:  [gentoo-announce] [ GLSA 200411-18 ] Apache 2.0: Denial of Service by memory consumption

 

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig404CD3ED03E0D9287FD805A6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200411-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Apache 2.0: Denial of Service by memory consumption
      Date: November 10, 2004
      Bugs: #70138
        ID: 200411-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A flaw in Apache 2.0 could allow a remote attacker to cause a Denial of
Service.

Background
==========

The Apache HTTP Server is one of the most popular web servers on the
Internet.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /   Vulnerable   /                     Unaffected
    -------------------------------------------------------------------
  1  net-www/apache      < 2.0.52-r1                      >= 2.0.52-r1
                                                                 < 2.0

Description
===========

Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is
caused by improper enforcing of the field length limit in the
header-parsing code.

Impact
======

By sending a large amount of specially-crafted HTTP GET requests a
remote attacker could cause a Denial of Service of the targeted system.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache 2.0 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/apache-2.0.52-r1"

References
==========

  [ 1 ] CAN-2004-0942
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942
  [ 2 ] Security vulnerabilities in Apache httpd 2.0
        http://www.apacheweek.com/features/security-20

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200411-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

--------------enig404CD3ED03E0D9287FD805A6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBkkm9Gc/RGrFqUYMRAhfrAJ4lj7691QkeaGznQzIpOsstXgnvwQCdHDJB
lI6q6UgrYfB/1pkGSU//dI0=
=KfHR
-----END PGP SIGNATURE-----

--------------enig404CD3ED03E0D9287FD805A6--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC