SARA Note: Reports from Apache indicate that Apache 2.0.46 is also vulnerable to attack. We will update this note when CERT publishes an appropriate Advisory.
Apache 2.0 versions 2.0.37 through 2.0.45 can be caused to crash in certain circumstances. This can be triggered remotely through mod_dav and possibly other mechanisms. The crash was originally reported by David Endler <DEndler@iDefense.com> and was researched and fixed by Joe Orton <jorton@redhat.com>. Specific details and an analysis of the crash will be published Friday, May 30. No more specific information is disclosed at this time, but all Apache 2.0 users are encouraged to upgrade now.
Vendor | Status | Date Updated |
---|---|---|
Apache Software Foundation | Vulnerable | 2-Jun-2003 |
Apple Computer Inc. | Vulnerable | 24-Jun-2003 |
Conectiva | Vulnerable | 23-Jun-2003 |
Hewlett-Packard Company | Vulnerable | 18-Sep-2003 |
MandrakeSoft | Vulnerable | 24-Jun-2003 |
Red Hat Inc. | Vulnerable | 2-Jun-2003 |
The CERT/CC thanks David Endler for discovering this vulnerability.
This document was written by Jeffrey P. Lanza.
Other Information
Field | Value |
---|---|
Date Public | 05/28/2003 |
Date First Published | 06/24/2003 01:40:09 PM |
Date Last Updated | 09/18/2003 |
CERT Advisory | |
CVE Name | CAN-2003-0245 |
Metric | 18.00 |
Document Revision | 15 |