(HP Issues Fix for HP-UX) Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1020778 |
|
SecurityTracker URL: http://securitytracker.com/id/1020778
|
|
CVE Reference:
CVE-2008-2364
(Links to External Site)
|
Date: Aug 28 2008
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.0.63, 2.2.8
|
Description:
A vulnerability was reported in Apache mod_proxy. A remote user can cause denial of service conditions.
A remote server can send a large number of interim responses to cause the target proxy service to consume excessive memory.
The vulnerability resides in 'modules/proxy/mod_proxy_http.c'.
Ryujiro Shibuya reported this vulnerability.
|
Impact:
A remote user can cause the target service to consume excessive memory.
|
Solution:
HP has issued a fix for HP-UX.
B.11.11 (IPv4 and IPv6): HPUXWSA-B219-03-1111ipv6.depot
B.11.23 PA-32: HPUXWSA-B219-03-1123-32.depot
B.11.23 IA-64: HPUXWSA-B219-03-1123-64.depot
B.11.31 PA-32: HPUXWSA-B219-03-1131-32.depot
B.11.31 IA-64: HPUXWSA-B219-03-1131-64.depot
The HP advisory is available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432
|
Vendor URL: httpd.apache.org/ (Links to External Site)
|
Cause:
Resource error
|
Underlying OS:
UNIX (HP/UX)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 28 Aug 2008 08:08:52 -0400
Subject: http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01539432
|
CVE-2007-4465, CVE-2008-2168, CVE-2008-2364
|
|
