(IBM Issues Fix for IBM HTTP Server) Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1012939 |
|
SecurityTracker URL: http://securitytracker.com/id/1012939
|
|
CVE Reference:
CAN-2004-0942
(Links to External Site)
|
Date: Jan 19 2005
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A denial of service vulnerability was reported in the Apache web server. A remote user can consume excessive resources on the target system. The IBM HTTP Server is affected.
Chintan Trivedi reported that a remote user can submit multiple, specially crafted HTTP GET requests containing spaces to cause denial of service conditions on the target system.
The vendor later reported that the field length limit is not properly enforced for certain malicious requests.
A demonstration exploit request is provided:
GET / HTTP/1.0\n
[space] x 8000\n
[space] x 8000\n
[space] x 8000\n
.
.
8000 times
|
Impact:
A remote user can consume excessive resources on the target system.
|
Solution:
IBM has issued an interim fix for APAR PQ94389 for the IBM HTTP Server.
|
Vendor URL: www.ibm.com/ (Links to External Site)
|
Cause:
Resource error
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 19 Jan 2005 01:17:39 -0500
Subject: [none]
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
PQ94389: resolve CAN-2004-0809 and CAN-2004-0942 vulnerabilities
Downloadable files
Abstract
Resolve CAN-2004-0809 and CAN-2004-0942 vulnerabilities
Download Description
PQ94389 resolves the following problems:
Exposure 1: CAN-2004-0942 - PQ97125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
Exposure 2: CAN-2004-0809 - PQ94389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
SOLUTIONS
These two denial of service problems are resolved by the interim fix for APAR PQ94389.
Complete list of changes in this interim fix:
PQ94389 CAN-2004-0809 fix crash handling dav indirect lock
Handle rewrite rules in <Location > applying to WebSphere resource
Shut down worker MPM more quickly when processes are slow to exit
Fix expires handling with mod_cache
Reduce severity of message for TCP_NODELAY error
PQ97125 CAN-2004-0942 fix memory consumption dos for folded MIME headers
Add fatal exception hook for use by diagnostic modules
Log reason for failing to connect to session id cache
Fixed invalid info messages about non-FIPS cipher if FIPS enabled
Fixed timeout problem in mod_ibm_ssl under load
Fixed LDAP not escaping ctrl chars \,(,), and * as requred by RFC 2254
Changed LDAP queries to request minimal set of attributes
Checksum of e-fix files is as follows:
(as computed by cksum command)
25029496 5365760 2.0.42.2-PQ94389.aix.tar
4164901810 19353600 2.0.42.2-PQ94389.hpux.tar
4021862771 4413440 2.0.42.2-PQ94389.linux.tar
4240451631 4823040 2.0.42.2-PQ94389.linux390.tar
1673257879 6471680 2.0.42.2-PQ94389.linuxppc.tar
286315431 1903858 2.0.42.2-PQ94389.nt.zip
2944924587 11709440 2.0.42.2-PQ94389.sun.tar
2677619237 5160960 2.0.47.1-PQ94389.aix.tar
2870325091 19578880 2.0.47.1-PQ94389.hpux.tar
2723763000 4044800 2.0.47.1-PQ94389.linux.tar
2606538514 4761600 2.0.47.1-PQ94389.linux390.tar
2080354877 5621760 2.0.47.1-PQ94389.linuxppc.tar
1829172239 1982694 2.0.47.1-PQ94389.nt.zip
237984836 11278336 2.0.47.1-PQ94389.sun.tar
Prerequisites
This interim fix can be applied if customer previously installed 2.0.42.2-PQ85834, 2.0.42.2-PQ87339, 2.0.47-PQ85834, or
2.0.47.1. It should not be applied over earlier levels of IBM HTTP Server. Instead, customer should first upgrade to one of the
prerequisite levels.
Installation instructions
Please review the readme.txt for detailed installation instructions.
URL LANGUAGE SIZE(Bytes)
Readme US English 6063
Download package
Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
2.0.42.2-PQ94389.AIX 11/16/2004 US English 5365760 FTP
2.0.42.2-PQ94389.HPUX 11/16/2004 US English 19353600 FTP
2.0.42.2-PQ94389.Linux 11/16/2004 US English 4413440 FTP
2.0.42.2-PQ94389.Linux.zSeries 11/16/2004 US English 4823040 FTP
2.0.42.2-PQ94389.Linux.ipSeries 11/16/2004 US English 6471680 FTP
2.0.42.2-PQ94389.Windows 11/16/2004 US English 1903858 FTP
2.0.42.2-PQ94389.Solaris 11/16/2004 US English 11709440 FTP
2.0.47.1-PQ94389.AIX 11/16/2004 US English 5160960 FTP
2.0.47.1-PQ94389.HPUX 11/16/2004 US English 19578880 FTP
2.0.47.1-PQ94389.Linux 11/16/2004 US English 4044800 FTP
2.0.47.1-PQ94389.Linux.zSeries 11/16/2004 US English 4761600 FTP
2.0.47.1-PQ94389.Linux.ipSeries 11/16/2004 US English 5621760 FTP
2.0.47.1-PQ94389.Windows 11/16/2004 US English 1982694 FTP
2.0.47.1-PQ94389.Solaris 11/16/2004 US English 11278336 FTP
Technical support
1-800-IBM-SERV (U.S. Only)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: IBM MSS Advisory Service
iD8DBQFB7W80xetIpAeGAXARApsAAJ4heYBPAaHYdm2ENR8gpABvuqzEAQCghzaI
8H5D5uUwcwoF5CYQ/DCBnEc=
=8NvO
-----END PGP SIGNATURE-----
|
|
