Unisphere Networks Information for VU#944335
Apache web servers fail to handle chunks with a negative size
- Vendor Information Help Date Notified: 14 Jun 2002
- Statement Date:
- Date Updated: 27 Jun 2002
CUSTOMER SERVICE TECHNICAL BULLETIN
SUBJECT: CERT Advisory CA-2002-17: Apache Web Server Chunk Handling Vulnerability
BULLETIN NUMBER: SSC_PSN-001
BULLETIN TYPE: Product Support Notification
AFFECTED PRODUCTS: SSC
ISSUE DATE: 06/26/2002
The CERT Coordination Center released an advisory on June 17, 2002 entitled, "CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability". The URL for the full text of the advisory can be found at:
The following releases of software have been found to suffer no negative effects from vulnerability outlined in CERT Advisory CA-2002-17:
All future releases of SSC will include the updated version of Apache web server that corrects this vulnerability.
Earlier releases of software may allow the execution of arbitrary code by remote attackers. Information needed to exploit this vulnerability is publicly known.
Affected releases include:
- 2-0-0 -- 2-0-2p1
2-0-3 -- 2-0-3p1
This Product Support Notification is publicly viewable on the Web at:
If you have any questions concerning this notice, or to obtain the latest patch release, please contact Unisphere Networks Customer Service.
Inside the U.S. call: (800) 424-2344
Outside the U.S. call: (978) 589-9000
Via the Web @ http://support.unispherenetworks.com
Via email @ firstname.lastname@example.org
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.