This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:APACHE:BYTE-RANGE-LEAK
|
Severity |
Minor
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Apache Range Byte Header Memory Leak
|
Release Date |
2010/09/05
|
Update Number |
1768
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Apache Range Byte Header Memory Leak
This signature detects attempts to exploit the usage of the Range byte header against an Apache server. A successful attack can create a memory leak that could be use to perform a memory exhaustion attack. Multiple signature events could mean that a denial-of-service (DoS) attack is currently being attempted.
Extended Description
Apache is prone to a denial of service when handling large CGI byterange requests.
Affected Products
- Apache_software_foundation apache 2.0.0
- Apache_software_foundation apache 2.0.0 A9
- Apache_software_foundation apache 2.0.28
- Apache_software_foundation apache 2.0.28 Beta
- Apache_software_foundation apache 2.0.32
- Apache_software_foundation apache 2.0.35
- Apache_software_foundation apache 2.0.36
- Apache_software_foundation apache 2.0.37
- Apache_software_foundation apache 2.0.38
- Apache_software_foundation apache 2.0.39
- Apache_software_foundation apache 2.0.40
- Apache_software_foundation apache 2.0.41
- Apache_software_foundation apache 2.0.42
- Apache_software_foundation apache 2.0.43
- Apache_software_foundation apache 2.0.44
- Apache_software_foundation apache 2.0.45
- Apache_software_foundation apache 2.0.46
- Apache_software_foundation apache 2.0.47
- Apache_software_foundation apache 2.0.48
- Apache_software_foundation apache 2.0.49
- Apache_software_foundation apache 2.0.50
- Apache_software_foundation apache 2.0.51
- Apache_software_foundation apache 2.0.52
- Apache_software_foundation apache 2.0.53
- Apache_software_foundation apache 2.0.54
- Apache_software_foundation apache 2.1.0
- Apache_software_foundation apache 2.1.1
- Apache_software_foundation apache 2.1.2
- Apache_software_foundation apache 2.1.3
- Apache_software_foundation apache 2.1.4
- Apache_software_foundation apache 2.1.5
- Avaya cvlan
- Avaya integrated_management 2.1.0
- Avaya integrated_management
- Conectiva linux 10.0.0
- Gentoo linux
- Hp hp-ux 11.0.0
- Hp hp-ux 11.0.0 4
- Hp hp-ux 11.11.0
- Hp hp-ux 11.23.0
- Hp hp-ux B.11.00
- Hp hp-ux B.11.11
- Hp hp-ux B.11.23
- Ibm http_server 2.0.42
- Ibm http_server 2.0.42 .1
- Ibm http_server 2.0.42 .2
- Ibm http_server 2.0.47
- Ibm http_server 2.0.47 .1
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva multi_network_firewall 2.0.0
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 3
- Red_hat enterprise_linux_ws 4
- Red_hat fedora Core3
- Red_hat fedora Core4
- Sgi propack 3.0.0 SP6
- Sun solaris 10 X86
- Suse linux_personal 9.1.0 X86 64
- Suse linux_personal 9.2.0
- Suse linux_personal 9.2.0 X86 64
- Suse linux_personal 9.3.0
- Suse linux_personal 9.3.0 X86 64
- Suse linux_professional 9.0.0
- Suse linux_professional 9.0.0 X86 64
- Suse linux_professional 9.1.0
- Suse linux_professional 9.1.0 X86 64
- Suse linux_professional 9.2.0
- Suse linux_professional 9.2.0 X86 64
- Suse linux_professional 9.3.0
- Suse linux_professional 9.3.0 X86 64
- Suse open-enterprise-server 9.0.0
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_enterprise_server 9
- Trustix secure_enterprise_linux 2.0.0
- Trustix secure_linux 2.2.0
- Trustix secure_linux 3.0.0
- Turbolinux home
- Turbolinux multimedia
- Turbolinux personal
- Turbolinux turbolinux 10 F...
- Turbolinux turbolinux_desktop 10.0.0
- Turbolinux turbolinux_server 10.0.0
- Turbolinux turbolinux_server 7.0.0
- Turbolinux turbolinux_server 8.0.0
- Turbolinux turbolinux_workstation 7.0.0
- Turbolinux turbolinux_workstation 8.0.0
- Ubuntu ubuntu_linux 4.1.0 Ia32
- Ubuntu ubuntu_linux 4.1.0 Ia64
- Ubuntu ubuntu_linux 4.1.0 Ppc
- Ubuntu ubuntu_linux 5.0.0 4 Amd64
- Ubuntu ubuntu_linux 5.0.0 4 I386
- Ubuntu ubuntu_linux 5.0.0 4 Powerpc
References