Short Name | HTTP:APACHE:LONG-HEADER-DOS
Severity | Minor
Recommended | No
Category | HTTP
Keywords | Apache Overly Long Header Denial of Service
Release Date | 2005/07/11
Update Number | 1213
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Apache Overly Long Header Denial of Service
This signature detects attempts to exploit a known vulnerability in the Apache HTTP service. Apache 2.0.49 and earlier are vulnerable. Attackers can send overly long header lines to an Apache HTTP server in an attempt to cause a denial of service (DoS). Patches are available.
Extended Description
Apache Web Server is reportedly affected by a memory-allocation-based denial of service vulnerability. This issue is due to a failure of the server to handle excessively long HTTP header strings.
This issue would allow an attacker to cause the affected application to crash, denying service to legitimate users.
Although Apache version 2.0.49 is reportedly affected by this issue, it is likely that earlier versions are affected as well.
Affected Products
- Apache_software_foundation apache 2.0.0
- Apache_software_foundation apache 2.0.0 A9
- Apache_software_foundation apache 2.0.28
- Apache_software_foundation apache 2.0.28 Beta
- Apache_software_foundation apache 2.0.32
- Apache_software_foundation apache 2.0.35
- Apache_software_foundation apache 2.0.36
- Apache_software_foundation apache 2.0.37
- Apache_software_foundation apache 2.0.38
- Apache_software_foundation apache 2.0.39
- Apache_software_foundation apache 2.0.40
- Apache_software_foundation apache 2.0.41
- Apache_software_foundation apache 2.0.42
- Apache_software_foundation apache 2.0.43
- Apache_software_foundation apache 2.0.44
- Apache_software_foundation apache 2.0.45
- Apache_software_foundation apache 2.0.46
- Apache_software_foundation apache 2.0.47
- Apache_software_foundation apache 2.0.48
- Apache_software_foundation apache 2.0.49
- Apple mac_os_x 10.2.8
- Apple mac_os_x 10.3.4
- Apple mac_os_x 10.3.5
- Apple mac_os_x_server 10.2.8
- Apple mac_os_x_server 10.3.4
- Apple mac_os_x_server 10.3.5
- Avaya converged_communications_server 2.0.0
- Avaya s8300 R2.0.0
- Avaya s8500 R2.0.0
- Avaya s8700 R2.0.0
- Conectiva linux 10.0.0
- Conectiva linux 9.0.0
- Gentoo linux 1.4.0
- Hp hp-ux B.11.00
- Hp hp-ux B.11.11
- Hp hp-ux B.11.22
- Hp hp-ux B.11.23
- Ibm http_server 2.0.42
- Ibm http_server 2.0.42 .1
- Ibm http_server 2.0.42 .2
- Ibm http_server 2.0.47
- Ibm http_server 2.0.47 .1
- Trustix secure_enterprise_linux 2.0.0
- Trustix secure_linux 1.5.0
- Trustix secure_linux 2.0
- Trustix secure_linux 2.0.0
- Trustix secure_linux 2.1.0
References