SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Apache Portable Runtime Library Vendors:   Apache Software Foundation
Apache Portable Runtime Library Named Pipe Blocking Flaw Lets Local Users Deny Service
SecurityTracker Alert ID:  1032617
SecurityTracker URL:  http://securitytracker.com/id/1032617
CVE Reference:   CVE-2015-1829   (Links to External Site)
Date:  Jun 18 2015
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.5.2
Description:   A vulnerability was reported in Apache Portable Runtime Library. A local user can cause denial of service conditions on the target system.

A local user can conduct a "pipe squatting attack" to deny service to an application using the Apache Portable Runtime (APR).

The specific impact depends on the application using the APR library.

Windows-based systems are affected.

John Hernandez of Casaba Security reported this vulnerability via HP SSRT.

Impact:   A local user can cause denial of service conditions on the target system.
Solution:   The vendor has issued a fix (1.5.2) [in April 2015].

The vendor's advisory is available at:

http://www.apache.org/dist/apr/Announcement1.x.html

Vendor URL:  www.apache.org/dist/apr/Announcement1.x.html (Links to External Site)
Cause:   Resource error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 18 2015 (IBM Issues Fix for IBM HTTP Server (IHS)) Apache Portable Runtime Library Named Pipe Blocking Flaw Lets Local Users Deny Service
IBM has issued a fix for IBM HTTP Server (IHS).
Jun 18 2015 (IBM Issues Fix for IBM Rational RequisitePro) Apache Portable Runtime Library Named Pipe Blocking Flaw Lets Local Users Deny Service
IBM has issued an advisory for IBM Rational RequisitePro.
Oct 20 2015 (Oracle Issues Fix for Oracle HTTP Server) Apache Portable Runtime Library Named Pipe Blocking Flaw Lets Local Users Deny Service
Oracle has issued a fix for Oracle HTTP Server.
Nov 20 2015 (IBM Issues Fix for IBM Tivoli Monitoring) Apache Portable Runtime Library Named Pipe Blocking Flaw Lets Local Users Deny Service
IBM has issued a fix for IBM Tivoli Monitoring.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC