
Thread: Apache DoS Vulnerability

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002

    Apache DoS Vulnerability

    I don't know for sure if this is different than what was posted here a month ago (see thread ), but the Secunia Advisory was just released today so I assume it is new.

    Here are some details:

    Two vulnerabilities have been reported in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system or potentially compromise it.

    1) The vulnerability can be exploited through "mod_dav" and potentially also other mechanisms. Successful exploitation can result in a DoS and may also allow execution of arbitrary code with the privileges of the web service according to a Red Hat advisory (see "Other References").

    Versions 2.0.37 through 2.0.45 have been reported as vulnerable.

    Apache Software Foundation states that further information regarding this vulnerability will be released on 30th May.

    2) The vulnerability is caused due to an error in the basic authentication module and has been reported to affect versions 2.0.40 through 2.0.45 on Unix platforms. This can be exploited to cause a DoS, which makes Basic Authentication fail until the web service is restarted.

    Successful exploitation requires that a threaded MPM (Multi-Processing Modules) is used.
    Here is the full advisory: Secunia Advisory
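
An added example, not part of the original thread or the advisory: a check of a host's `httpd -V` output against the two affected version ranges and the threaded-MPM condition quoted in post #1. The `-D APACHE_MPM_DIR` line format, the constructed sample outputs, and treating every MPM other than prefork as threaded are assumptions.

```python
import re

# Inclusive affected ranges, taken from the advisory text quoted in post #1.
ISSUE1 = ((2, 0, 37), (2, 0, 45))  # mod_dav and potentially other mechanisms
ISSUE2 = ((2, 0, 40), (2, 0, 45))  # basic auth; Unix with a threaded MPM only


def parse_build(httpd_v_output):
    """Return (version tuple, MPM name or None) from `httpd -V` style text."""
    ver = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    if not ver:
        raise ValueError("no Apache/x.y.z version string found")
    # Assumption: the build reports its MPM as -D APACHE_MPM_DIR="server/mpm/<name>".
    mpm = re.search(r'APACHE_MPM_DIR="server/mpm/(?:experimental/)?(\w+)"',
                    httpd_v_output)
    version = tuple(int(part) for part in ver.groups())
    return version, (mpm.group(1).lower() if mpm else None)


def assess(httpd_v_output, on_unix=True):
    """Map one build to the two issues; issue2 is 'exposed', 'not exposed' or 'unknown'."""
    version, mpm = parse_build(httpd_v_output)
    issue1 = ISSUE1[0] <= version <= ISSUE1[1]
    if not (on_unix and ISSUE2[0] <= version <= ISSUE2[1]):
        issue2 = "not exposed"
    elif mpm is None:
        issue2 = "unknown"      # version is in range; confirm the MPM by hand
    elif mpm == "prefork":
        issue2 = "not exposed"  # prefork is process-based, not threaded
    else:
        issue2 = "exposed"      # assumption: any other MPM counts as threaded
    return {"version": version, "mpm": mpm, "issue1": issue1, "issue2": issue2}


# Constructed sample outputs (not captured from real hosts).
SAMPLE_WORKER = 'Server version: Apache/2.0.44\n -D APACHE_MPM_DIR="server/mpm/worker"\n'
SAMPLE_PREFORK = 'Server version: Apache/2.0.45\n -D APACHE_MPM_DIR="server/mpm/prefork"\n'
SAMPLE_OLD = 'Server version: Apache/2.0.39\n -D APACHE_MPM_DIR="server/mpm/worker"\n'
SAMPLE_FIXED = 'Server version: Apache/2.0.46\n -D APACHE_MPM_DIR="server/mpm/worker"\n'
SAMPLE_NO_MPM = 'Server version: Apache/2.0.42\n'

if __name__ == "__main__":
    for text in (SAMPLE_WORKER, SAMPLE_PREFORK, SAMPLE_OLD, SAMPLE_FIXED, SAMPLE_NO_MPM):
        print(assess(text))
```

An `unknown` result means the version falls in the second range but the MPM could not be read from the text, so the build needs a manual check.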

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    Yep, this is new. A patch is already out.



  3. #3
    I heard about those DoS and DDoS attacks but I don't know anything about it ... I wondered if somebody can help me .....

  4. #4
    DoS (denial of service) and DDoS (distributed denial of service) are attacks used by malicious *******s to "take down your net connection" or various other things, for instance in this case make Apache quit running. They can be used for further exploitation. I won't tell you how to DoS or DDoS someone but you can find out more about it here > www.whatis.com <- type in DoS or Denial of Service

    Note that the explanation was simple rather than going into confusing details.

    Originally posted here by thehorse13
    Yep, this is new. A patch is already out.


    Yes, that's a patch for Red Hat users (i.e. RPMs) etc. Do you know of a patch that isn't in some sort of package manager? I.e. just the source?

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI
    Apache 2.0.46 was released Wednesday....


    The details of the DoS have not been released by Apache because they are not out in the public much yet.
