SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Web Server/CGI)  >   IBM HTTP Server (IHS) Vendors:   IBM
(IBM Issues Fix for IBM HTTP Server) Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
SecurityTracker Alert ID:  1010804
SecurityTracker URL:  http://securitytracker.com/id/1010804
CVE Reference:   CAN-2004-0493   (Links to External Site)
Date:  Jul 29 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0.42, 2.0.42.1, 2.0.42.2, 2.0.47, 2.0.47.1
Description:   A denial of service vulnerability was reported in the Apache web server in the folding of header lines. A remote user can cause the application to consume arbitrary amounts of memory. The IBM HTTP Server is affected.

Georgi Guninski reported that a remote user can send header lines that begin with a tab or space character to cause ap_get_mime_headers_core() in 'server/protocol.c' to allocate memory for the header line. A remote user can reportedly send a large number of specially crafted header lines to cause Apache to consume all available memory on the target system and crash.

The report indicates that on 64-bit systems that have more than 4GB of virtual memory, a remote user may be able to trigger a heap-based buffer overflow, but it is not clear whether this can be exploited to execute arbitrary code or not.

The vendor has reportedly been notified.

The original advisory is available at:

http://www.guninski.com/httpd1.html
Impact:   A remote user can cause the httpd process to crash.
Solution:   The vendor has issued an interim fix for APAR PQ90698, available at:

http://www.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg24007451

The fix will be included in subsequent releases of IBM HTTP Server.
Vendor URL:  www.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21174271&loc=en_US&cs=utf-8&lang=en+en (Links to External Site)
Cause:   Resource error
Underlying OS:   Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 28 2004 Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server


 Source Message Contents
Date:  Wed, 28 Jul 2004 22:32:30 -0400
Subject:  http://www.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21174271&loc=en_US&cs=utf-8&lang=en+en


http://www.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21174271&
loc=en_US&cs=utf-8&lang=en+en

Reference #: 1174271

Version:  2.0.42, 2.0.42.1, 2.0.42.2, 2.0.47, 2.0.47.1

 > Potential denial of service exposure through memory exhaustion and buffer overflow
 > for all current versions of IBM HTTP Server based on Apache HTTP Server Version 2.0
 > (PQ90698)

IBM reported that the IBM® HTTP Server is vulnerable to the bug described in CVE 
CAN-2004-0493.

A remote user can potentially exhaust memory or trigger a buffer overflow to execute 
arbitrary code.

The vendor has issued an interim fix for APAR PQ90698, available at:

http://www.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg24007451

The fix will be included in subsequent releases of IBM HTTP Server.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC