PT-2008-3848 · Apache+1 · Apache Http Server+1

Publicado

2008-06-10

Atualizado

2024-06-15

CVE-2008-2364

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.63 and 2.2.8

Description: The issue is related to the handling of interim responses from an origin server when using the mod proxy http module. A remote HTTP server can cause a denial of service or high memory usage by sending a large number of interim responses. This is due to the ap proxy http process response function not limiting the number of forwarded interim responses.

Recommendations: For Apache HTTP Server version 2.0.63, update to a version that addresses this issue. For Apache HTTP Server version 2.2.8, update to a version that addresses this issue. As a temporary workaround, consider restricting access to the mod proxy http module to minimize the risk of exploitation.

Exploit

Correção

DoS

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

CVE-2008-2364

HPSBUX02365

HPSBUX02401

HPSBUX02465

OPENSUSE-SU-2024:10623-1

RHSA-2008:0966

RHSA-2008:0967

RHSA-2008_0967

RHSA-2010:0602

Produtos afetados

Apache Http Server

Red Hat

PT-2008-3848 · Apache+1 · Apache Http Server+1

CVE-2008-2364

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 151