Apache Solaris Support Code Bug Lets Remote Users Deny Service
SecurityTracker Alert ID: 1022988
SecurityTracker URL: http://securitytracker.com/id/1022988
CVE Reference: CVE-2009-2699
Date: Oct 6 2009
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2.2.13
Description:
A vulnerability was reported in Apache. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to trigger an error handling bug in the Solaris pollset support code and cause the target service to hang.
HWS reported this vulnerability.
Impact:
A remote user can cause the target service to hang.
Solution:
The vendor has issued a fix (2.2.14).
The vendor's advisory is available at:
http://www.apache.org/dist/httpd/CHANGES_2.2.14
Vendor URL: httpd.apache.org/
Cause: Exception handling error, State error
Underlying OS: UNIX (Solaris - SunOS)
Message History: None.
Source Message Contents
Date: Tue, 6 Oct 2009 08:10:23 -0400
Subject: Apache httpd
http://www.apache.org/dist/httpd/CHANGES_2.2.14
*) SECURITY: CVE-2009-2699 (cve.mitre.org)
Fixed in APR 1.3.9. Faulty error handling in the Solaris pollset support
(Event Port backend) which could trigger hangs in the prefork and event
MPMs on that platform. PR 47645. [Jeff Trawick]