Apache 'chunk handling' vulnerability
Package(s): apache | CVE #(s): CAN-2002-0392
Created: June 19, 2002 | Updated: July 3, 2002
Description: It is past time to upgrade your Apache servers. A worm which takes advantage of this vulnerability has been sighted, and its source has been publicly posted.
An Apache httpd bug related to chunked encoding presents a denial of service vulnerability. For some platforms, including both 32-bit and 64-bit Linux, it is also a potential remote exploit vulnerability. A "carefully crafted invalid request" may be used to trigger the bug. The problem is fixed in Apache 2.0.39 and 1.3.26, which may be downloaded from here. For more information, see the advisories from CERT and the Apache Group. This vulnerability has been widely publicized. Applying a patch from your vendor or upgrading to the latest version from the Apache Software Foundation is strongly encouraged. Avoid patches from other sources; at least one patch that does not address the full scope of the problem has been circulated.
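One way to triage an inventory against the fixed releases named above, as an added example that is not part of the original advisory. The hostnames and banners are constructed, and the function names are hypothetical; the input is assumed to be `httpd -v` output or a `Server:` header per host.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(1, 3): (1, 3, 26), (2, 0): (2, 0, 39)}

# Matches the version token in "httpd -v" output or a Server: header.
_VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Return 'fixed', 'needs-fix', or 'unknown' for one version banner."""
    m = _VERSION_RE.search(banner)
    if not m:
        return "unknown"  # version hidden, or not an Apache httpd banner
    version = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"  # a branch the advisory does not mention
    # A vendor may backport the fix without changing the version string,
    # so 'needs-fix' means: upgrade, or confirm the vendor patch is installed.
    return "fixed" if version >= fixed else "needs-fix"


def triage(inventory):
    """Map host -> classification for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "web1.example": "Server version: Apache/1.3.24 (Unix)",
    "web2.example": "Server: Apache/1.3.26 (Unix)",
    "web3.example": "Server version: Apache/2.0.36",
    "web4.example": "Server: Apache/2.0.39 (Unix)",
    "web5.example": "Server: Apache",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

A `needs-fix` result on a distribution package should be checked against the vendor's alert before it is treated as unpatched, since vendor patches often keep the old version number.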