Vulnerability Note VU#206537
Apache vulnerable to DoS
A remotely exploitable denial-of-service vulnerability exists in the Apache HTTP Server. Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition.
The Apache HTTP Server is a very popular freely available web server that runs on a variety of operating systems, including UNIX, Linux, and Microsoft Windows (Win32).
A vulnerability exists in the way the Apache HTTP Server handles excessively large chunks of consecutive linefeed characters. Apache 2.0.44 (both the Windows & UNIX implementations) contains this vulnerability. Prior 2.x versions of Apache may contain the vulnerability. For more information, please see the iDEFENSE Advisory.
Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apache Software Foundation||Affected||-||08 Apr 2003|
|Apple Computer Inc.||Affected||08 Apr 2003||11 Apr 2003|
|Conectiva||Affected||08 Apr 2003||01 May 2003|
|Debian||Affected||-||08 Apr 2003|
|Gentoo Linux||Affected||-||09 Apr 2003|
|Hewlett-Packard Company||Affected||08 Apr 2003||18 Sep 2003|
|MandrakeSoft||Affected||08 Apr 2003||18 Sep 2003|
|Red Hat Inc.||Affected||08 Apr 2003||10 Apr 2003|
|SGI||Affected||08 Apr 2003||18 Sep 2003|
|Engarde||Not Affected||08 Apr 2003||08 Apr 2003|
|Foundry Networks Inc.||Not Affected||08 Apr 2003||10 Apr 2003|
|Fujitsu||Not Affected||08 Apr 2003||17 Apr 2003|
|Hitachi||Not Affected||08 Apr 2003||14 Apr 2003|
|IBM||Not Affected||08 Apr 2003||09 Apr 2003|
|Xerox Corporation||Not Affected||08 Apr 2003||30 May 2003|
CVSS Metrics (Learn More)
This vulnerability was discovered by iDEFENSE Inc. The CERT/CC thanks iDEFENSE Inc. for the information contained in their document, upon which this document is based.
This document was written by Ian A Finlay.
- CVE IDs: CAN-2003-0132
- Date Public: 08 Apr 2003
- Date First Published: 08 Apr 2003
- Date Last Updated: 18 Sep 2003
- Severity Metric: 9.72
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.