Unisphere Networks Information for VU#944335

Apache web servers fail to handle chunks with a negative size

Status

Affected

Vendor Statement

CUSTOMER SERVICE TECHNICAL BULLETIN

SUBJECT: CERT Advisory CA-2002-17: Apache Web Server Chunk Handling Vulnerability
BULLETIN NUMBER: SSC_PSN-001
BULLETIN TYPE: Product Support Notification
AFFECTED PRODUCTS: SSC
ISSUE DATE: 06/26/2002
REVISION: 1.0

PROBLEM DESCRIPTION:
The CERT Coordination Center released an advisory on June 17, 2002 entitled, "CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability". The URL for the full text of the advisory can be found at:


AFFECTED PRODUCT(S):
SSC

SOLUTION:
The following releases of software have been found to suffer no negative effects from vulnerability outlined in CERT Advisory CA-2002-17:
    2-0-2p2
    2-0-3p2

All future releases of SSC will include the updated version of Apache web server that corrects this vulnerability.

Earlier releases of software may allow the execution of arbitrary code by remote attackers. Information needed to exploit this vulnerability is publicly known.

Affected releases include:
    2-0-0 -- 2-0-2p1
    2-0-3 -- 2-0-3p1

This Product Support Notification is publicly viewable on the Web at:

If you have any questions concerning this notice, or to obtain the latest patch release, please contact Unisphere Networks Customer Service.

Inside the U.S. call: (800) 424-2344
Outside the U.S. call: (978) 589-9000
Via the Web @ http://support.unispherenetworks.com
Via email @ support@unispherenetworks.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.