[sec-adv] Apache Type-Map Handler Denial of Service Vulnerability
From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Wed Jul 09 2003 - 06:27:20 CDT
TITLE:
Apache Type-Map Handler Denial of Service Vulnerability
READ ONLINE:
http://www.secunia.com/advisories/9217/
CRITICAL:
Not critical
IMPACT:
DoS
WHERE:
Local system
SOFTWARE:
Apache 2.0.x
DESCRIPTION:
A vulnerability has been reported in Apache HTTP Server, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service) on a vulnerable web server.
The vulnerability is caused due to an error in the type-map handler
when parsing type maps. By specifying a specially crafted file, a
malicious user can cause the web server to enter an infinite loop
resulting in a DoS.
The vulnerability has been reported in versions 2.0.43 to 2.0.46.
However, prior versions may also be affected.
SOLUTION:
Only trusted people should be granted access to systems.
Reportedly, this will be fixed in an upcoming version 2.0.47:
http://httpd.apache.org/
REPORTED BY / CREDITS:
Keigo Yamazaki (SecureNet Service).
ORIGINAL ADVISORY:
http://www.lac.co.jp/security/english/snsadv_e/66_e.html
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
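Added example, not part of the Secunia advisory or of Apache's own code: a triage helper that classifies an httpd version string against the version range quoted above and lists the configuration lines that route content to the type-map handler. The function names and the sample configuration are constructed for illustration; `AddHandler` and `SetHandler` are the standard httpd directives for assigning a handler.

```python
import re

# Ranges from the advisory: reported in 2.0.43 to 2.0.46, earlier 2.0.x
# "may also be affected", fix reportedly due in 2.0.47.
REPORTED = ((2, 0, 43), (2, 0, 46))
FIXED = (2, 0, 47)
# Directives that route content to the type-map handler.
HANDLER_RE = re.compile(r"^\s*(AddHandler|SetHandler)\s+type-map\b(.*)$", re.I)


def classify_version(banner):
    """Classify a Server banner or `httpd -v` line against the advisory."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return "unknown"
    ver = tuple(int(x) for x in m.groups())
    if ver[:2] != (2, 0):
        return "not-2.0.x"
    if ver >= FIXED:
        return "reportedly-fixed"
    if REPORTED[0] <= ver <= REPORTED[1]:
        return "reported-affected"
    return "possibly-affected"


def type_map_mappings(conf_text):
    """Return (line_no, directive, args) for each active type-map mapping."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = HANDLER_RE.match(line)  # lines starting with '#' never match
        if m:
            hits.append((no, m.group(1), m.group(2).strip()))
    return hits


# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# AddHandler type-map var
AddHandler cgi-script .cgi
AddHandler type-map var
<Files "*.map">
    SetHandler type-map
</Files>
"""

if __name__ == "__main__":
    print(classify_version("Server version: Apache/2.0.45"))
    print(type_map_mappings(SAMPLE_CONF))
```

Hosts that classify as affected and have an active type-map mapping in a location that local users can write to are the ones to prioritise for the vendor update.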