Juniper Networks

Signature Detail

Short Name: HTTP:APACHE:BYTE-RANGE-LEAK
Severity: Medium
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: Apache Range Byte Header Memory Leak
Release Date: 2010/09/05
Update Number: 1768
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apache Range Byte Header Memory Leak


This signature detects attempts to exploit the handling of the Range byte header by an Apache server. A successful attack can create a memory leak that could be used to perform a memory exhaustion attack. Multiple signature events could mean that a denial-of-service (DoS) attack is currently being attempted.

Extended Description

Apache is prone to a denial of service when handling large CGI byterange requests.

Affected Products

  • Apache Software Foundation Apache 2.0.0
  • Apache Software Foundation Apache 2.0.0 A9
  • Apache Software Foundation Apache 2.0.28
  • Apache Software Foundation Apache 2.0.28 Beta
  • Apache Software Foundation Apache 2.0.32
  • Apache Software Foundation Apache 2.0.35
  • Apache Software Foundation Apache 2.0.36
  • Apache Software Foundation Apache 2.0.37
  • Apache Software Foundation Apache 2.0.38
  • Apache Software Foundation Apache 2.0.39
  • Apache Software Foundation Apache 2.0.40
  • Apache Software Foundation Apache 2.0.41
  • Apache Software Foundation Apache 2.0.42
  • Apache Software Foundation Apache 2.0.43
  • Apache Software Foundation Apache 2.0.44
  • Apache Software Foundation Apache 2.0.45
  • Apache Software Foundation Apache 2.0.46
  • Apache Software Foundation Apache 2.0.47
  • Apache Software Foundation Apache 2.0.48
  • Apache Software Foundation Apache 2.0.49
  • Apache Software Foundation Apache 2.0.50
  • Apache Software Foundation Apache 2.0.51
  • Apache Software Foundation Apache 2.0.52
  • Apache Software Foundation Apache 2.0.53
  • Apache Software Foundation Apache 2.0.54
  • Apache Software Foundation Apache 2.1.0
  • Apache Software Foundation Apache 2.1.1
  • Apache Software Foundation Apache 2.1.2
  • Apache Software Foundation Apache 2.1.3
  • Apache Software Foundation Apache 2.1.4
  • Apache Software Foundation Apache 2.1.5
  • Avaya CVLAN
  • Avaya Integrated Management 2.1.0
  • Avaya Integrated Management
  • Conectiva Linux 10.0.0
  • Gentoo Linux
  • HP HP-UX 11.0.0
  • HP HP-UX 11.0.0 4
  • HP HP-UX 11.11.0
  • HP HP-UX 11.23.0
  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • IBM HTTP Server 2.0.42
  • IBM HTTP Server 2.0.42 .1
  • IBM HTTP Server 2.0.42 .2
  • IBM HTTP Server 2.0.47
  • IBM HTTP Server 2.0.47 .1
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Multi Network Firewall 2.0.0
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora Core3
  • Red Hat Fedora Core4
  • SGI ProPack 3.0.0 SP6
  • Sun Solaris 10 X86
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE Linux Personal 9.3.0
  • SuSE Linux Personal 9.3.0 X86 64
  • SuSE Linux Professional 9.0.0
  • SuSE Linux Professional 9.0.0 X86 64
  • SuSE Linux Professional 9.1.0
  • SuSE Linux Professional 9.1.0 X86 64
  • SuSE Linux Professional 9.2.0
  • SuSE Linux Professional 9.2.0 X86 64
  • SuSE Linux Professional 9.3.0
  • SuSE Linux Professional 9.3.0 X86 64
  • SuSE Open-Enterprise-Server 9.0.0
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SUSE Linux Enterprise Server 9
  • Trustix Secure Enterprise Linux 2.0.0
  • Trustix Secure Linux 2.2.0
  • Trustix Secure Linux 3.0.0
  • Turbolinux Home
  • Turbolinux Multimedia
  • Turbolinux Personal
  • Turbolinux 10 F...
  • Turbolinux Turbolinux Desktop 10.0.0
  • Turbolinux Turbolinux Server 10.0.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • Ubuntu Ubuntu Linux 4.1.0 Ia32
  • Ubuntu Ubuntu Linux 4.1.0 Ia64
  • Ubuntu Ubuntu Linux 4.1.0 Ppc
  • Ubuntu Ubuntu Linux 5.0.0 4 Amd64
  • Ubuntu Ubuntu Linux 5.0.0 4 I386
  • Ubuntu Ubuntu Linux 5.0.0 4 Powerpc

References

  • BugTraq: 14660
  • CVE: CVE-2005-2728
  • URL: http://issues.apache.org/bugzilla/show_bug.cgi?id=29962
  • URL: http://www.gentoo.org/security/en/glsa/glsa-200508-15.xml

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.