SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   IBM HTTP Server (IHS) Vendors:   IBM
(IBM Issues Fix for IBM HTTP Server) Apache mod_proxy Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1018669
SecurityTracker URL:  http://securitytracker.com/id/1018669
CVE Reference:   CVE-2007-3847   (Links to External Site)
Date:  Sep 10 2007
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Apache mod_proxy. A remote user can cause denial of service conditions. IBM HTTP Server is affected.

A remote user can send a specially crafted request via the target server (when configured as a reverse proxy) to cause the target child process to crash.

A remote user can create specially crafted HTML that, when loaded by target user via the target server (when configured as a forward proxy) to case the target child process to crash.

This may cause denial of service conditions on systems using a threaded Multi-Processing Module.

Impact:   A remote user can cause denial of service conditions.
Solution:   IBM has issued a fix for the IBM HTTP Server (PK50469), which is affected by this vulnerability.

The fix is planned for inclusion in fix pack 6.1.0.13 and fix pack 6.0.2.23.

The IBM advisory is available at:

http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469

Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Aug 30 2007 Apache mod_proxy Bug Lets Remote Users Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC