tonybradley
May 28th, 2003, 08:16 PM
I don't know for sure if this is different than what was posted here a month ago (see thread (http://www.antionline.com/showthread.php?s=&threadid=242186&highlight=apache+dos) ), but the Secunia Advisory was just released today so I assume it is new.
Here are some details:
Two vulnerabilities have been reported in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system or potentially compromise it.
1) The vulnerability can be exploited through "mod_dav" and potentially also other mechanisms. Successful exploitation can result in a DoS and may also allow execution of arbitrary code with the privileges of the web service according to a Red Hat advisory (see "Other References").
Versions 2.0.37 through 2.0.45 have been reported as vulnerable.
Apache Software Foundation states that further information regarding this vulnerability will be released on 30th May.
2) The vulnerability is caused due to an error in the basic authentication module and has been reported to affect versions 2.0.40 through 2.0.45 on Unix platforms. This can be exploited to cause a DoS, which makes Basic Authentication fail until the web service is restarted.
Successful exploitation requires that a threaded MPM (Multi-Processing Modules) is used.
Here is the full advisory: Secunia Advisory (http://www.secunia.com/advisories/8881/)
Here are some details:
Two vulnerabilities have been reported in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system or potentially compromise it.
1) The vulnerability can be exploited through "mod_dav" and potentially also other mechanisms. Successful exploitation can result in a DoS and may also allow execution of arbitrary code with the privileges of the web service according to a Red Hat advisory (see "Other References").
Versions 2.0.37 through 2.0.45 have been reported as vulnerable.
Apache Software Foundation states that further information regarding this vulnerability will be released on 30th May.
2) The vulnerability is caused due to an error in the basic authentication module and has been reported to affect versions 2.0.40 through 2.0.45 on Unix platforms. This can be exploited to cause a DoS, which makes Basic Authentication fail until the web service is restarted.
Successful exploitation requires that a threaded MPM (Multi-Processing Modules) is used.
Here is the full advisory: Secunia Advisory (http://www.secunia.com/advisories/8881/)