[CCMC] Fwd: [sec-adv] Apache Type-Map Handler Denial of ServiceVulnerability

Wed, 09 Jul 2003 05:15:35 -0700




D�but du message r�exp�di� :

De: Secunia Security Advisories <[EMAIL PROTECTED]>
Date: Mer 9 juil 2003 13:32:51 Europe/Paris
�: [EMAIL PROTECTED]
Objet: [sec-adv] Apache Type-Map Handler Denial of Service Vulnerability


TITLE:
Apache Type-Map Handler Denial of Service Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9217/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
Local system

SOFTWARE:
Apache  2.0.x

DESCRIPTION:
A vulnerability has been reported in Apache HTTP Server, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service) on a vulnerable web server.

The vulnerability is caused due to an error in the type-map handler
when parsing type maps. By specifying a specially crafted file, a
malicious user can cause the web server to enter an infinite loop
resulting in a DoS.

The vulnerability has been reported in versions 2.0.43 to 2.0.46.
However, prior versions may also be affected.

SOLUTION:
Only trusted people should be granted access to systems.

Reportedly, this will be fixed in an upcoming version 2.0.47:
http://httpd.apache.org/

REPORTED BY / CREDITS:
Keigo Yamazaki (SecureNet Service).

ORIGINAL ADVISORY:
http://www.lac.co.jp/security/english/snsadv_e/66_e.html

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web     : http://www.secunia.com/
E-mail  : [EMAIL PROTECTED]
Tel     : +44 (0) 20 7016 2693
Fax     : +44 (0) 20 7637 0419

------------------------------------------------------------------------ ------

David Duhamel

http://home.nordnet.fr/~dduhamel/

AIM/iChat : dduhamel2001

Ou cet homme est mort, ou ma montre est arr�t�e !
                              (Groucho Marx)
Les minijupes, c'est comme les sondages : �a donne des id�es mais �a
cache l'essentiel.


--
PHOTO HALL Multimedia, leader en Telecom, Informatique,
Photo, Video, TV, Hifi. Surfez sur http://www.photohall.be
CyberCafe 2.0 <http://www.cybercafe.tv> Chaque Mardi 19h15 sur La 2!
Desabonnement par email :  <mailto:[EMAIL PROTECTED]>

Répondre à