SecurityTracker.com Archives - (Red Hat Issues Fix) Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Server/CGI) > Apache

Vendors: Apache Software Foundation

(Red Hat Issues Fix) Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service

SecurityTracker Alert ID: 1012230

SecurityTracker URL: http://securitytracker.com/id?1012230

CVE Reference: CAN-2004-0942 (Links to External Site)

Date: Nov 14 2004

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2.0.52 and prior 2.0.x versions

Description: A denial of service vulnerability was reported in the Apache web server. A remote user can consume excessive resources on the target system.

Chintan Trivedi reported that a remote user can submit multiple, specially crafted HTTP GET requests containing spaces to cause denial of service conditions on the target system.

The vendor later reported that the field length limit is not properly enforced for certain malicious requests.

A demonstration exploit request is provided:

GET / HTTP/1.0\n
[space] x 8000\n
[space] x 8000\n
[space] x 8000\n
.
.
8000 times

Impact: A remote user can consume excessive resources on the target system.

Vendor URL: httpd.apache.org/ (Links to External Site)

Cause: Resource error

Underlying OS: Linux (Red Hat Enterprise)

Reported By: bugzilla@redhat.com

Message History: This archive entry is a follow-up to the message listed below.

Nov 4 2004

Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service

Source Message Contents

Date: Fri, 12 Nov 2004 12:03 -0500
From: bugzilla@redhat.com
Subject: [RHSA-2004:562-01] Updated httpd packages fix a security issue and

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated httpd packages fix a security issue and bugs
Advisory ID:       RHSA-2004:562-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-562.html
Issue date:        2004-11-12
Updated on:        2004-11-12
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0885 CAN-2004-0942
- ---------------------------------------------------------------------

1. Summary:

Updated httpd packages that include fixes for two security issues, as well as
other bugs, are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

An issue has been discovered in the mod_ssl module when configured to use
the "SSLCipherSuite" directive in directory or location context.  If a
particular location context has been configured to require a specific set
of cipher suites, then a client will be able to access that location using
any cipher suite allowed by the virtual host configuration.   The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0885 to this issue.

An issue has been discovered in the handling of white space in request
header lines using MIME folding.  A malicious client could send a carefully
crafted request, forcing the server to consume large amounts of memory,
leading to a denial of service.  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0942 to this issue.

Several minor bugs were also discovered, including:

- - In the mod_cgi module, problems that arise when CGI scripts are 
  invoked from SSI pages by mod_include using the "#include virtual" 
  syntax have been fixed.

- - In the mod_dav_fs module, problems with the handling of indirect locks
  on the S/390x platform have been fixed.

Users of the Apache HTTP server who are affected by these issues should
upgrade to these updated packages, which contain backported patches.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

132593 - mod_dav_fs: indirect lock refresh broken on s390x
134825 - CAN-2004-0885 SSLCipherSuite bypass
138064 - CAN-2004-0942 Memory consumption DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-44.ent.src.rpm
118f06e0317eb7d5735990049199b354  httpd-2.0.46-44.ent.src.rpm

i386:
07294bc2ae372ae2c033f6c97a425371  httpd-2.0.46-44.ent.i386.rpm
f97f7661878d345e35e49ee5b903ee97  httpd-devel-2.0.46-44.ent.i386.rpm
7ff1d8de6d421d62b5f7c35df785304e  mod_ssl-2.0.46-44.ent.i386.rpm

ia64:
731331f101efda7820988a76265d5b29  httpd-2.0.46-44.ent.ia64.rpm
95451f6b0aaffbccffb8e77c88d36cc1  httpd-devel-2.0.46-44.ent.ia64.rpm
badd71a4a010b5b96d854de8b4ab14c5  mod_ssl-2.0.46-44.ent.ia64.rpm

ppc:
d399d5cbffd283d3e155a2e301542e6f  httpd-2.0.46-44.ent.ppc.rpm
ded92081a835c8e53ccbf6e8f47f244d  httpd-devel-2.0.46-44.ent.ppc.rpm
4a2a5d60a34a09550910738fde57f518  mod_ssl-2.0.46-44.ent.ppc.rpm

s390:
806ff06977f721712068a621c3981f7c  httpd-2.0.46-44.ent.s390.rpm
5912d5b3eb7d18071825ef4bfe3b139b  httpd-devel-2.0.46-44.ent.s390.rpm
6d2866cab66c09694ba6c98b39d3e52b  mod_ssl-2.0.46-44.ent.s390.rpm

s390x:
17bd982545f3e25953a4d3aff7d9ea22  httpd-2.0.46-44.ent.s390x.rpm
2299bd3c8d7a0a5ab525840fc453f1e1  httpd-devel-2.0.46-44.ent.s390x.rpm
51cc33598d9d4559f0daf860396e5ae5  mod_ssl-2.0.46-44.ent.s390x.rpm

x86_64:
1b8bce6493ff433f4fe8361b897d841e  httpd-2.0.46-44.ent.x86_64.rpm
7ce1eb8feef44ffdb30563484f214a61  httpd-devel-2.0.46-44.ent.x86_64.rpm
fc576fed7de6149c17d5158e87ec600c  mod_ssl-2.0.46-44.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-44.ent.src.rpm
118f06e0317eb7d5735990049199b354  httpd-2.0.46-44.ent.src.rpm

i386:
07294bc2ae372ae2c033f6c97a425371  httpd-2.0.46-44.ent.i386.rpm
f97f7661878d345e35e49ee5b903ee97  httpd-devel-2.0.46-44.ent.i386.rpm
7ff1d8de6d421d62b5f7c35df785304e  mod_ssl-2.0.46-44.ent.i386.rpm

x86_64:
1b8bce6493ff433f4fe8361b897d841e  httpd-2.0.46-44.ent.x86_64.rpm
7ce1eb8feef44ffdb30563484f214a61  httpd-devel-2.0.46-44.ent.x86_64.rpm
fc576fed7de6149c17d5158e87ec600c  mod_ssl-2.0.46-44.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-44.ent.src.rpm
118f06e0317eb7d5735990049199b354  httpd-2.0.46-44.ent.src.rpm

i386:
07294bc2ae372ae2c033f6c97a425371  httpd-2.0.46-44.ent.i386.rpm
f97f7661878d345e35e49ee5b903ee97  httpd-devel-2.0.46-44.ent.i386.rpm
7ff1d8de6d421d62b5f7c35df785304e  mod_ssl-2.0.46-44.ent.i386.rpm

ia64:
731331f101efda7820988a76265d5b29  httpd-2.0.46-44.ent.ia64.rpm
95451f6b0aaffbccffb8e77c88d36cc1  httpd-devel-2.0.46-44.ent.ia64.rpm
badd71a4a010b5b96d854de8b4ab14c5  mod_ssl-2.0.46-44.ent.ia64.rpm

x86_64:
1b8bce6493ff433f4fe8361b897d841e  httpd-2.0.46-44.ent.x86_64.rpm
7ce1eb8feef44ffdb30563484f214a61  httpd-devel-2.0.46-44.ent.x86_64.rpm
fc576fed7de6149c17d5158e87ec600c  mod_ssl-2.0.46-44.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-44.ent.src.rpm
118f06e0317eb7d5735990049199b354  httpd-2.0.46-44.ent.src.rpm

i386:
07294bc2ae372ae2c033f6c97a425371  httpd-2.0.46-44.ent.i386.rpm
f97f7661878d345e35e49ee5b903ee97  httpd-devel-2.0.46-44.ent.i386.rpm
7ff1d8de6d421d62b5f7c35df785304e  mod_ssl-2.0.46-44.ent.i386.rpm

ia64:
731331f101efda7820988a76265d5b29  httpd-2.0.46-44.ent.ia64.rpm
95451f6b0aaffbccffb8e77c88d36cc1  httpd-devel-2.0.46-44.ent.ia64.rpm
badd71a4a010b5b96d854de8b4ab14c5  mod_ssl-2.0.46-44.ent.ia64.rpm

x86_64:
1b8bce6493ff433f4fe8361b897d841e  httpd-2.0.46-44.ent.x86_64.rpm
7ce1eb8feef44ffdb30563484f214a61  httpd-devel-2.0.46-44.ent.x86_64.rpm
fc576fed7de6149c17d5158e87ec600c  mod_ssl-2.0.46-44.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://www.apacheweek.com/features/security-20
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBlOzSXlSAg2UNWIIRAv86AJ9x979dRjuv17HCCbnwE8bfCqnldwCeIslT
Ti3dLL7B4Y35loJaYQe/yNQ=
=OaFC
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2004, SecurityGlobal.net LLC