PT-2001-2465 · Apache · Apache+1

Published

2001-05-12

Updated

2021-06-06

CVE-2001-1342

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache versions prior to 1.3.20

Description A denial of service issue exists where a remote attacker can cause a General Protection Fault (GPF) by submitting a specially crafted HTTP request with a large number of / (slash) or other characters in the URI. This causes certain functions to dereference a null pointer, leading to a denial of service. The issue affects the Win32 and OS2 ports of Apache and can bring up a message box that must be cleared by the operator to resume operation. No means to compromise the server beyond a denial of service have been identified.

Recommendations For Apache versions prior to 1.3.20, update to version 1.3.20 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1342

Affected Products

Apache

Apache Http Server

PT-2001-2465 · Apache · Apache+1

CVE-2001-1342

Related Identifiers

Affected Products

References · 15