SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Apache HTTPD
Vendors:   Apache Software Foundation
Apache SSL Connection Abort State Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1011340
SecurityTracker URL:  http://securitytracker.com/id/1011340
CVE Reference:   CVE-2004-0748
Date:  Sep 17 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): prior to 2.0.51
Description:   A vulnerability was reported in Apache in the processing of SSL connections. A remote user can cause a child process to enter an infinite loop.

Francis Wai reported that a remote user can abort an SSL connection in a certain manner to cause the child process to enter an infinite loop. This can be repeated to cause denial of service conditions on the target system.

The flaw resides in ssl_io_input_getline().

Impact:   A remote user can cause denial of service conditions on the target system.
Solution:   The vendor has released a fixed version (2.0.51), available at:

http://httpd.apache.org/download.cgi?update=200409150645

Vendor URL:  nagoya.apache.org/bugzilla/show_bug.cgi?id=29964
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 15 2004 (Fedora Issues Fix) Apache SSL Connection Abort State Error Lets Remote Users Deny Service
Fedora has released a fix for Red Hat Linux 9 and Fedora Core 1.
Oct 27 2004 (HP Issues Fix for HP-UX) Apache SSL Connection Abort State Error Lets Remote Users Deny Service
HP has issued a fixed version for HP-UX.
Dec 2 2004 (Apple Issues Fix for OS X) Apache SSL Connection Abort State Error Lets Remote Users Deny Service
Apple has issued a fix for Apache on Mac OS X.






Copyright 2019, SecurityGlobal.net LLC