(IBM Issues Fix for IBM HTTP Server) Apache mod_proxy Bug Lets Remote Users Deny Service

SecurityTracker Alert ID: 1018669
SecurityTracker URL: http://securitytracker.com/id/1018669
CVE Reference: CVE-2007-3847
Date: Sep 10 2007
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes

Description:
A vulnerability was reported in Apache mod_proxy. A remote user can cause denial of service conditions. IBM HTTP Server is affected.
A remote user can send a specially crafted request via the target server (when configured as a reverse proxy) to cause the target child process to crash.
A remote user can create specially crafted HTML that, when loaded by a target user via the target server (when configured as a forward proxy), will cause the target child process to crash.
This may cause denial of service conditions on systems using a threaded Multi-Processing Module.

Impact:
A remote user can cause denial of service conditions.

Solution:
IBM has issued a fix for the IBM HTTP Server (PK50469), which is affected by this vulnerability.
The fix is planned for inclusion in fix pack 6.1.0.13 and fix pack 6.0.2.23.
The IBM advisory is available at:
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469

Cause: Not specified
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents

Date: Mon, 10 Sep 2007 08:58:28 -0400
Subject: IBM HTTP Server

http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469
PK50469: CVE-2007-3847 PROXY BUFFER OVER-READ VULNERABILITY