Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:APR-PSPRINTF-MC |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache APR_PSPrintf Memory Corruption |
Release Date |
2011/03/03 |
Update Number |
1876 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache APR_PSPrintf Memory Corruption
This signature detects attempts to exploit a known vulnerability against the Apache HTTP service. Attackers can send overly long header lines to an Apache HTTP server attempting to create a denial of service (DoS) and possibly execute arbitrary code through long strings.
Extended Description
The Apache Software Foundation has released version 2.0.46, which addresses a vulnerability in the web server. This is due to a potential memory management issue in the apr_psprintf() Apache Portable Runtime (APR) library. Exploitation could occur through mod_dav or other components. It has also been conjectured that exploitation could allow for execution of arbitrary code. Further details regarding this issue are pending from the vendor.
Affected Products
- Apache_software_foundation apache 1.3.0
- Apache_software_foundation apache 1.3.1
- Apache_software_foundation apache 1.3.11
- Apache_software_foundation apache 1.3.12
- Apache_software_foundation apache 1.3.13
- Apache_software_foundation apache 1.3.14
- Apache_software_foundation apache 1.3.14 Mac
- Apache_software_foundation apache 1.3.15
- Apache_software_foundation apache 1.3.16
- Apache_software_foundation apache 1.3.17
- Apache_software_foundation apache 1.3.18
- Apache_software_foundation apache 1.3.19
- Apache_software_foundation apache 1.3.20
- Apache_software_foundation apache 1.3.22
- Apache_software_foundation apache 1.3.23
- Apache_software_foundation apache 1.3.24
- Apache_software_foundation apache 1.3.25
- Apache_software_foundation apache 1.3.26
- Apache_software_foundation apache 1.3.27
- Apache_software_foundation apache 1.3.3
- Apache_software_foundation apache 1.3.4
- Apache_software_foundation apache 1.3.6
- Apache_software_foundation apache 1.3.7 -Dev
- Apache_software_foundation apache 1.3.9
- Apache_software_foundation apache 2.0.0
- Apache_software_foundation apache 2.0.0 A9
- Apache_software_foundation apache 2.0.28
- Apache_software_foundation apache 2.0.28 Beta
- Apache_software_foundation apache 2.0.28 -BETA
- Apache_software_foundation apache 2.0.32
- Apache_software_foundation apache 2.0.32 -BETA
- Apache_software_foundation apache 2.0.34 -BETA
- Apache_software_foundation apache 2.0.35
- Apache_software_foundation apache 2.0.36
- Apache_software_foundation apache 2.0.37
- Apache_software_foundation apache 2.0.38
- Apache_software_foundation apache 2.0.39
- Apache_software_foundation apache 2.0.40
- Apache_software_foundation apache 2.0.41
- Apache_software_foundation apache 2.0.42
- Apache_software_foundation apache 2.0.43
- Apache_software_foundation apache 2.0.44
- Apache_software_foundation apache 2.0.45
- Hp apache-based_web_server 1.3.27 .00
- Hp apache-based_web_server 1.3.27 .01
- Hp apache-based_web_server 1.3.27 .02
- Hp apache-based_web_server 2.0.43 .00
- Hp apache-based_web_server 2.0.43 .04
- Hp hp-ux_apache-based_web_server 1.0.0 .01
- Hp hp-ux_apache-based_web_server 1.0.0 .02.01
- Hp hp-ux_apache-based_web_server 1.0.0 .03.01
- Hp hp-ux_apache-based_web_server 1.0.0 .04.01
- Hp hp-ux_apache-based_web_server 1.0.0 .05.01
- Hp hp-ux_apache-based_web_server 1.0.1 .01
- Red_hat httpd-2.0.40-21.i386.rpm
- Red_hat httpd-2.0.40-8.i386.rpm
- Red_hat httpd-devel-2.0.40-21.i386.rpm
- Red_hat httpd-devel-2.0.40-8.i386.rpm
- Red_hat httpd-manual-2.0.40-21.i386.rpm
- Red_hat httpd-manual-2.0.40-8.i386.rpm
- Red_hat mod_ssl-2.0.40-21.i386.rpm
- Red_hat mod_ssl-2.0.40-8.i386.rpm
References
- BugTraq: 7723
- CVE: CVE-2003-0245