Hewlett-Packard Company Information for VU#944335
Apache web servers fail to handle chunks with a negative size
- Vendor Information Help Date Notified: 14 Jun 2002
- Statement Date:
- Date Updated: 15 Jul 2002
HP makes the Apache Server available for customers as a bundled software package called "HP Apache." New updates are available temporarily via ftp from a site located at hprc.external.hp.com.
When the new updates are available at www.software.hp.com, the Hewlett-Packard Company Security Bulletin HPSBUX0207-197 will be updated.
To retrieve the updates from the temporary ftp site, use a browser to connect to:
There are two subdirectories containing depots of swinstallable binaries with a ".t" extension, one for Apache 2.0.39 (11.00 and 11.11) and one for Apache 1.3.26 (11.00 and 11.11).
HP Virtualvault (HP-UX 11.04) patches are available from itrc.hp.com with ID's of PHSS_27361 and PHSS_27371.
For full details, see Hewlett-Packard Company Security Bulletin HPSBUX0207-197, available on itrc.hp.com. Search for "Apache chunk"
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett Packard has published security advisory HPSBUX0207-197 on this issue.
If you have feedback, comments, or additional information about this vulnerability, please send us email.