(Sun Issues Advisory) Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1021416 |
|
SecurityTracker URL: http://securitytracker.com/id/1021416
|
|
CVE Reference:
CVE-2008-2364
(Links to External Site)
|
Date: Dec 16 2008
|
Impact:
Denial of service via network
|
Vendor Confirmed: Yes
|
Version(s): 2.0.63, 2.2.8
|
Description:
A vulnerability was reported in Apache mod_proxy. A remote user can cause denial of service conditions.
A remote server can send a large number of interim responses to cause the target proxy service to consume excessive memory.
The vulnerability resides in 'modules/proxy/mod_proxy_http.c'.
Ryujiro Shibuya reported this vulnerability.
|
Impact:
A remote user can cause the target service to consume excessive memory.
|
Solution:
Sun is working on a fix.
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247666-1
|
Vendor URL: httpd.apache.org/ (Links to External Site)
|
Cause:
Resource error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
