(IBM Issues Fix for IBM HTTP Server) Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
SecurityTracker Alert ID: 1012264
SecurityTracker URL: http://securitytracker.com/id?1012264
CVE Reference: CAN-2004-0942
Date: Nov 19 2004
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2.0.42, 2.0.42.1, 2.0.42.2, 2.0.47, 2.0.47.1
Description: A denial of service vulnerability was reported in the Apache web server. A remote user can consume excessive resources on the target system. IBM HTTP Server is affected.
Chintan Trivedi reported that a remote user can submit multiple, specially crafted HTTP GET requests containing spaces to cause denial of service conditions on the target system.
The vendor later reported that the field length limit is not properly enforced for certain malicious requests.
A demonstration exploit request is provided:
GET / HTTP/1.0\n
[space] x 8000\n
[space] x 8000\n
[space] x 8000\n
.
.
8000 times
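To illustrate the limit the vendor says was not enforced, here is an added example (not IBM's or Apache's code) of a request-header parser that counts folded continuation lines toward a per-field size cap, so a request shaped like the one above is refused with a 400 instead of being buffered line by line. The cap values and the sample requests are assumptions; 8190 and 100 mirror the defaults of Apache's LimitRequestFieldSize and LimitRequestFields directives.

```python
MAX_FIELD_SIZE = 8190   # assumption: mirrors Apache's LimitRequestFieldSize default
MAX_FIELDS = 100        # assumption: mirrors Apache's LimitRequestFields default


class BadRequest(Exception):
    """The request must be rejected (HTTP 400) rather than buffered further."""


def parse_headers(raw: bytes):
    """Parse an HTTP/1.0 request head; return (request_line, [(name, value)]).
    A line starting with SP or HT is a folded continuation of the previous
    field; its raw length is added to that field's running size, so a flood
    of whitespace-only lines trips MAX_FIELD_SIZE instead of growing memory."""
    lines = raw.split(b"\n")
    request_line = lines[0].rstrip(b"\r")
    fields = []  # entries: [name, value, raw_size_so_far]
    for line in lines[1:]:
        line = line.rstrip(b"\r")
        if line == b"":
            break  # blank line ends the header block
        if line[:1] in (b" ", b"\t"):
            if not fields:
                raise BadRequest("continuation line before any header field")
            fields[-1][2] += len(line)
            if fields[-1][2] > MAX_FIELD_SIZE:
                raise BadRequest("folded header field exceeds size limit")
            fields[-1][1] += b" " + line.strip()
            continue
        if len(line) > MAX_FIELD_SIZE:
            raise BadRequest("header field exceeds size limit")
        if len(fields) >= MAX_FIELDS:
            raise BadRequest("too many header fields")
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise BadRequest("malformed header line")
        fields.append([name.strip().lower(), value.strip(), len(line)])
    return request_line, [(n, v) for n, v, _ in fields]


def advisory_style_request(count: int = 8000, width: int = 8000) -> bytes:
    """Constructed sample: request line followed by `count` lines of `width` spaces."""
    return b"GET / HTTP/1.0\n" + (b" " * width + b"\n") * count + b"\n"


def is_rejected(raw: bytes) -> bool:
    """True when parse_headers refuses the request."""
    try:
        parse_headers(raw)
    except BadRequest:
        return True
    return False
```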
Impact: A remote user can consume excessive resources on the target system.
Solution: IBM has issued an interim fix for the IBM HTTP Server, which is affected by this vulnerability. The interim fix for IBM APAR PQ94389 corrects this problem (tracked as APAR PQ97125) and is available at:
http://www.ibm.com/support/docview.wss?rs=177&&uid=swg24008324
Vendor URL: www.ibm.com/
Cause: Resource error
Underlying OS: Linux (Any), UNIX (Any)
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Thu, 18 Nov 2004 22:51:33 -0500
Subject: [none]
> New Denial of Service exposures for releases of IBM HTTP Server V2.0 based on
> Apache HTTP Server V2.0
> Both exposures are resolved with the following interim fix for APAR PQ94389:
> http://www.ibm.com/support/docview.wss?rs=177&&uid=swg24008324
CVE: CAN-2004-0942 (APAR PQ97125), CVE: CAN-2004-0809 (APAR PQ94389)
Versions: 2.0.42, 2.0.42.1, 2.0.42.2, 2.0.47, 2.0.47.1