Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS

2007-08-01T11:21:21
ID OSVDB:37051
Type osvdb
Reporter OSVDB
Modified 2007-08-01T11:21:21

Description

Solution Description

Upgrade to version 2.0.61, 2.2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://httpd.apache.org/security/vulnerabilities_20.html
Vendor Specific News/Changelog Entry: http://httpd.apache.org/security/vulnerabilities_22.html
Security Tracker: 1018633
Secunia Advisory ID: 26952
Secunia Advisory ID: 28467
Secunia Advisory ID: 26636
Secunia Advisory ID: 26790
Secunia Advisory ID: 27209
Secunia Advisory ID: 26842
Secunia Advisory ID: 27882
Secunia Advisory ID: 26722
Secunia Advisory ID: 27593
Secunia Advisory ID: 27563
Secunia Advisory ID: 27732
Secunia Advisory ID: 27971
RedHat RHSA: RHSA-2007:0746
Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-September/000241.html
Other Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html
Other Advisory URL: HPSBUX02273 SSRT071476:
Other Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
Other Advisory URL: http://httpd.apache.org/security/vulnerabilities_20.html
Other Advisory URL: http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:235
Other Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm
Other Advisory URL: http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200711-06.xml
Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-11/msg00002.html
Mail List Post: http://marc.info/?l=apache-cvs&m=118592992309395&w=2
Mail List Post: http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2
Mail List Post: http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2
FrSIRT Advisory: ADV-2007-3494
FrSIRT Advisory: ADV-2007-3095
FrSIRT Advisory: ADV-2007-3283
FrSIRT Advisory: ADV-2007-3020
CVE-2007-3847
Bugtraq ID: 25489