Signature Detail
Short Name |
HTTP:APACHE:LDAPFS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache auth_ldap Username Format String |
Release Date |
2009/04/27 |
Update Number |
1419 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apache auth_ldap Username Format String
This signature detects attempts to exploit a known vulnerability against Apache. Attackers can cause a denial-of-service attack or execute arbitrary code.
Extended Description
The Apache Software Foundation has released version 2.0.46, which addresses a vulnerability in the web server. This is due to a potential memory management issue in the apr_psprintf() Apache Portable Runtime (APR) library. Exploitation could occur through mod_dav or other components. It has also been conjectured that exploitation could allow for execution of arbitrary code. Further details regarding this issue are pending from the vendor.
Affected Products
- Apache Software Foundation Apache 1.3.0
- Apache Software Foundation Apache 1.3.1
- Apache Software Foundation Apache 1.3.11
- Apache Software Foundation Apache 1.3.12
- Apache Software Foundation Apache 1.3.13
- Apache Software Foundation Apache 1.3.14
- Apache Software Foundation Apache 1.3.14 Mac
- Apache Software Foundation Apache 1.3.15
- Apache Software Foundation Apache 1.3.16
- Apache Software Foundation Apache 1.3.17
- Apache Software Foundation Apache 1.3.18
- Apache Software Foundation Apache 1.3.19
- Apache Software Foundation Apache 1.3.20
- Apache Software Foundation Apache 1.3.22
- Apache Software Foundation Apache 1.3.23
- Apache Software Foundation Apache 1.3.24
- Apache Software Foundation Apache 1.3.25
- Apache Software Foundation Apache 1.3.26
- Apache Software Foundation Apache 1.3.27
- Apache Software Foundation Apache 1.3.3
- Apache Software Foundation Apache 1.3.4
- Apache Software Foundation Apache 1.3.6
- Apache Software Foundation Apache 1.3.7 -Dev
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache 2.0.0
- Apache Software Foundation Apache 2.0.0 A9
- Apache Software Foundation Apache 2.0.28
- Apache Software Foundation Apache 2.0.28 Beta
- Apache Software Foundation Apache 2.0.28 -BETA
- Apache Software Foundation Apache 2.0.32
- Apache Software Foundation Apache 2.0.32 -BETA
- Apache Software Foundation Apache 2.0.34 -BETA
- Apache Software Foundation Apache 2.0.35
- Apache Software Foundation Apache 2.0.36
- Apache Software Foundation Apache 2.0.37
- Apache Software Foundation Apache 2.0.38
- Apache Software Foundation Apache 2.0.39
- Apache Software Foundation Apache 2.0.40
- Apache Software Foundation Apache 2.0.41
- Apache Software Foundation Apache 2.0.42
- Apache Software Foundation Apache 2.0.43
- Apache Software Foundation Apache 2.0.44
- Apache Software Foundation Apache 2.0.45
- HP Apache-Based Web Server 1.3.27 .00
- HP Apache-Based Web Server 1.3.27 .01
- HP Apache-Based Web Server 1.3.27 .02
- HP Apache-Based Web Server 2.0.43 .00
- HP Apache-Based Web Server 2.0.43 .04
- HP HP-UX Apache-Based Web Server 1.0.0 .01
- HP HP-UX Apache-Based Web Server 1.0.0 .02.01
- HP HP-UX Apache-Based Web Server 1.0.0 .03.01
- HP HP-UX Apache-Based Web Server 1.0.0 .04.01
- HP HP-UX Apache-Based Web Server 1.0.0 .05.01
- HP HP-UX Apache-Based Web Server 1.0.1 .01
- Red Hat httpd-2.0.40-21.i386.rpm
- Red Hat httpd-2.0.40-8.i386.rpm
- Red Hat httpd-devel-2.0.40-21.i386.rpm
- Red Hat httpd-devel-2.0.40-8.i386.rpm
- Red Hat httpd-manual-2.0.40-21.i386.rpm
- Red Hat httpd-manual-2.0.40-8.i386.rpm
- Red Hat mod_ssl-2.0.40-21.i386.rpm
- Red Hat mod_ssl-2.0.40-8.i386.rpm
References
- BugTraq: 7723
- BugTraq: 16153
- CVE: CVE-2006-0150
- CVE: CVE-2003-0245
- CVE: CVE-2005-3656