Lucene search
Ubuntu.comUB:CVE-2008-2364HistoryJun 13, 2008 - 12:00 a.m.
CVE-2008-2364
2008-06-1300:00:00
ubuntu.com
ubuntu.com
9
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
80.0%
The ap_proxy_http_process_response function in mod_proxy_http.c in the
mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit
the number of forwarded interim responses, which allows remote HTTP servers
to cause a denial of service (memory consumption) via a large number of
interim responses.
Bugs
Notes
| Author | Note |
|---|---|
| kees | only a problem when the server being proxied is untrusted |
| jdstrand | PoC: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2008-2364.t?revision=666283&view=markup |
Related
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2008-06-13 18:41:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:29:44
openvas
openvas
IBM HTTP Server mod_proxy Interim Responses DoS Vulnerability
2008-09-25 00:00:00
Fedora Update for httpd FEDORA-2008-6314
2009-02-17 00:00:00
Fedora Update for httpd FEDORA-2008-6314
2009-02-17 00:00:00
nessus
nessus
Fedora 8 : httpd-2.2.9-1.fc8 (2008-6314)
2008-08-08 00:00:00
SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6035)
2009-09-24 00:00:00
openSUSE 10 Security Update : apache2 (apache2-6054)
2009-03-13 00:00:00
httpd
httpd
Apache Httpd < 2.2.9 : mod_proxy_http DoS
2008-05-29 00:00:00
Apache Httpd < 2.0.64 : mod_proxy_http DoS
2008-05-29 00:00:00
debiancve
debiancve
CVE-2008-2364
2008-06-13 18:41:00
fedora
fedora
[SECURITY] Fedora 8 Update: httpd-2.2.9-1.fc8
2008-08-07 23:57:20
[SECURITY] Fedora 9 Update: httpd-2.2.9-1.fc9
2008-08-07 23:48:09
cve
cve
CVE-2008-2364
2008-06-13 18:41:00
seebug
seebug
Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
2010-05-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.9-alt1
2008-07-08 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.9-alt1
2008-07-08 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.9-alt1
2008-07-08 00:00:00
securityvulns
securityvulns
Apache multiple DoS conditions
2008-07-12 00:00:00
[ GLSA 200807-06 ] Apache: Denial of Service
2008-07-12 00:00:00
freebsd
freebsd
apache -- multiple vulnerabilities
2008-06-14 00:00:00
oraclelinux
oraclelinux
httpd security and bug fix update
2008-11-11 00:00:00
centos
centos
httpd, mod_ssl security update
2008-11-11 20:45:50
redhat
redhat
(RHSA-2008:0967) Moderate: httpd security and bug fix update
2008-11-11 00:00:00
gentoo
gentoo
Apache: Denial of service
2008-07-09 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2009-03-10 00:00:00
kaspersky
kaspersky
KLA10066 Multiple vulnerabilities in Apache httpd
2010-10-19 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
80.0%
Related for UB:CVE-2008-2364