SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Compaq Secure Web Server Vendors:   HPE
(HP Issues Fix for CSWS) Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
SecurityTracker Alert ID:  1011991
SecurityTracker URL:  http://securitytracker.com/id/1011991
CVE Reference:   CVE-2004-0786   (Links to External Site)
Date:  Oct 29 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.3.2a
Description:   A vulnerability was reported in the Apache web server in the processing of IPv6 addresses. A remote user may be able to cause denial of service conditions. HP's Secure Web Server is affected.

The vendor reported that there is an input validation flaw in the IPv6 literal address parsing. A remote user may be able to cause a negative length parameter to be passed to a memcpy() function, resulting in a segmentation fault.

The flaw resides in 'apr-util/test/testuri.c' and 'apr-util/uri/apr_uri.c'.

Impact:   A remote user may be able to cause denial of service conditions.
Solution:   HP has provided a patched version of the Secure Web Server (6.3.2a) for Tru64 UNIX, available at:

http://h30097.www3.hp.com/internet/download.htm

HP plans to include the fix in the future mainstream version 6.4 of HP Internet Express for Tru64UNIX (IX).

Vendor URL:  www.hp.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  UNIX (Tru64)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 16 2004 Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC