PT-2008-3848 · Apache+1 · Apache Http Server+1

Published: 2008-06-10 · Updated: 2024-06-15 · CVE-2008-2364

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.63 and 2.2.8
Description: The issue is in how the mod_proxy_http module handles interim responses from an origin server. A remote HTTP server can cause a denial of service (high memory usage) by sending a large number of interim responses, because the ap_proxy_http_process_response function does not limit the number of interim responses it forwards.
Recommendations: For Apache HTTP Server versions 2.0.63 and 2.2.8, update to a version that addresses this issue. As a temporary workaround, consider restricting access to the mod_proxy_http module to minimize the risk of exploitation.
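The description above comes down to a missing bound on a relay loop. The following C sketch is an added example, not code from Apache HTTP Server or from this advisory: it walks a backend response stream, counts interim (1xx) responses, and gives up once a cap is exceeded. The names relay_response and relay_n_interim and the cap MAX_INTERIM = 100 are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_INTERIM 100 /* assumed cap for this example, not a value from the page */

/* Status code of a line like "HTTP/1.1 100 Continue", or -1 if malformed. */
static int parse_status(const char *line, size_t len) {
    int code = 0;
    if (len < 12 || strncmp(line, "HTTP/1.", 7) != 0 || line[8] != ' ') return -1;
    for (int i = 9; i < 12; i++) {
        if (line[i] < '0' || line[i] > '9') return -1;
        code = code * 10 + (line[i] - '0');
    }
    return code < 100 ? -1 : code;
}

/* Walk the header blocks a backend sent. Every 1xx block counts as interim.
 * Returns the final status, -1 on malformed or truncated input, or -2 once
 * the backend exceeds MAX_INTERIM interim responses. */
int relay_response(const char *stream, int *forwarded) {
    *forwarded = 0;
    for (const char *p = stream;;) {
        const char *end = strstr(p, "\r\n\r\n");
        if (end == NULL) return -1;
        int code = parse_status(p, (size_t)(strstr(p, "\r\n") - p));
        if (code < 0 || code >= 200) return code;
        if (*forwarded >= MAX_INTERIM) return -2; /* stop and drop the backend */
        (*forwarded)++; /* a proxy would forward this interim response here */
        p = end + 4;
    }
}

/* Constructed input: n "100 Continue" responses followed by a final 200. */
int relay_n_interim(int n, int *forwarded) {
    const char *interim = "HTTP/1.1 100 Continue\r\n\r\n";
    const char *final = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n";
    char *buf = calloc((size_t)n * strlen(interim) + strlen(final) + 1, 1);
    if (buf == NULL) return -1;
    for (int i = 0; i < n; i++) strcat(buf, interim);
    strcat(buf, final);
    int rc = relay_response(buf, forwarded);
    free(buf);
    return rc;
}

int main(void) {
    int f, rc = relay_n_interim(5000, &f);
    printf("rc=%d forwarded=%d\n", rc, f);
    return 0;
}
```

Without the MAX_INTERIM check the loop keeps forwarding for as long as the backend keeps sending 1xx responses, which is the unbounded resource use the entry describes.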

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2008-2364
HPSBUX02365
HPSBUX02401
HPSBUX02465
OPENSUSE-SU-2024:10623-1
RHSA-2008:0966
RHSA-2008:0967
RHSA-2008_0967
RHSA-2010:0602

Affected Products

Apache Http Server
Red Hat