Miembros de
Boletines de Vulnerabilidades |
Denegación de Servicio en Apache 2.0 |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Denegación de Servicio |
| Dificultad | Principiante |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado |
Apache httpd <=2.0.52 IBM® HTTP Server V2.0 |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en la versión 2.0.52 y anteriores de la rama 2.0.x del servidor Web Apache. La vulnerabilidad reside en el tratamiento de las peticiones GET que incluyen una cabecera MIME especialmente diseñada. La explotación de esta vulnerabilidad podría permitir a un atacante remoto provocar un consumo elevado de CPU que podría llevar a una denegación de servicio del sistema mediante el envío de una petición GET que incluya una cabecera MIME con múltiples líneas y con un gran número de espacios. |
|
Solución |
|
|
Actualización de software Apache Apache httpd 2.0.53 http://httpd.apache.org/download.cgi Mandrake Linux Mandrake Linux 9.2 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-common-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-devel-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-manual-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_cache-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_dav-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_deflate-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_ldap-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_proxy-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_ssl-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-modules-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-source-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libapr0-2.0.47-6.12.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/apache2-2.0.47-6.12.92mdk.src.rpm Mandrake Linux 9.2/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-common-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-devel-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-manual-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-modules-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-source-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64apr0-2.0.47-6.12.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/apache2-2.0.47-6.12.92mdk.src.rpm Mandrake Linux 10.0 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-common-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-devel-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-manual-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_cache-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_dav-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_deflate-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_ldap-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_proxy-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_ssl-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-modules-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-source-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libapr0-2.0.48-6.8.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/apache2-2.0.48-6.8.100mdk.src.rpm Mandrake Linux 10.0/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-common-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-devel-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-manual-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-modules-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-source-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64apr0-2.0.48-6.8.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/apache2-2.0.48-6.8.100mdk.src.rpm Mandrake Linux 10.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-common-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-devel-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-manual-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_cache-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_dav-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_deflate-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_ldap-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_proxy-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-modules-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-source-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-worker-2.0.50-7.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/apache2-2.0.50-7.2.101mdk.src.rpm Mandrake Linux 10.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-common-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-devel-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-manual-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-modules-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-source-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-worker-2.0.50-7.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/apache2-2.0.50-7.2.101mdk.src.rpm IBM APAR PQ97125 http://www.ibm.com/support/docview.wss?rs=177&&uid=swg24008324 SUSE Descargue los parches disponibles mediante Yast HP-UX HP-UX B.11.00 Instalar hpuxwsAPACHE A.2.0.53.00 HP-UX B.11.11 Instalar hpuxwsAPACHE A.2.0.53.00 HP-UX B.11.22 Migrar a HP-UX B.11.23 HP-UX B.11.23 Instalar hpuxwsAPACHE B.2.0.53.00 HP-UX B.11.04 / Virtualvault A.04.70 (Apache 2.x) Instalar PHSS_33075 Sun (102198) Solaris 10 / SPARC / patch 120543-02 Solaris 10 / x86 / patch 120544-02 http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CAN-2004-0942 |
| BID | |
Recursos adicionales |
|
|
Overview of security vulnerabilities in Apache httpd 2.0 http://www.apacheweek.com/features/security-20 Mandrake Linux Security Advisories (MDKSA-2004:135) http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:135 IBM Flash (Alert) 21190212 http://www-1.ibm.com/support/docview.wss?uid=swg21190212 SUSE LINUX Maintenance Web http://portal.suse.com/psdb/91ec22b46babba982fa9b8cd69030968.html HP SECURITY BULLETIN HPSBUX01123 http://www8.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123 Sun Alert Notification (102198) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2004-11-04 |
| 1.1 | Aviso emitido por Mandrake Linux (MDKSA-2004:135) | 2004-11-18 |
| 2.0 | Exploit público disponible | 2004-11-19 |
| 2.1 | Aviso emitido por IBM (21190212) | 2004-11-22 |
| 2.2 | Aviso emitido por SUSE | 2004-11-23 |
| 2.3 | Publicado Apache httpd 2.0.53 | 2005-02-28 |
| 2.4 | Aviso emitido por HP (HPSBUX01123) | 2005-03-23 |
| 2.5 | Aviso actualizado por HP (HPSBUX01123) | 2005-08-01 |
| 2.6 | Aviso emitido por Sun (102198) | 2006-03-03 |
| 2.7 | Aviso actualizado por Sun (102198) | 2006-04-13 |
| 2.8 | Aviso actualizado por Sun (102198) | 2006-09-12 |