Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

It is possible for remote attackers to cause a denial-of-service scenario on Apache 2.0.52 and earlier by sending an HTTP GET request with a MIME header containing multiple lines full of whitespaces.

Chintan Trivedi discovered a Denial of Service vulnerability in apache2. The field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server to cause HTTP server instances to consume proportional amounts of memory, which can render the service unavailable.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied.

This security update contains fixes for the following products :

  - Apache 2
  - AppKit
  - Bluetooth
  - CoreFoundation
  - CUPS
  - Directory Services
  - HItoolbox
  - Kerberos
  - loginwindow
  - Mail
  - MySQL
  - OpenSSL
  - QuartzComposerScreenSaver
  - ping
  - Safari
  - SecurityInterface
  - servermgrd
  - servermgr_ipfilter
  - SquirelMail
  - traceroute
  - WebKit
  - WebLog Server
  - X11
  - zlib

s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : 

A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to bypass SSLCipherSuite restrictions.

A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan Trivedi; he found that by sending a large amount of specially- crafted HTTP GET requests, a remote attacker could cause a Denial of Service on the httpd server. This vulnerability is due to improper enforcement of the field length limit in the header-parsing code.

The updated packages have been patched to prevent this problem.

Updated httpd packages that include fixes for two security issues, as well as other bugs, are now available.

The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.

An issue has been discovered in the mod_ssl module when configured to use the 'SSLCipherSuite' directive in directory or location context.
If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any cipher suite allowed by the virtual host configuration. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0885 to this issue.

An issue has been discovered in the handling of white space in request header lines using MIME folding. A malicious client could send a carefully crafted request, forcing the server to consume large amounts of memory, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0942 to this issue.

Several minor bugs were also discovered, including :

  - In the mod_cgi module, problems that arise when CGI     scripts are invoked from SSI pages by mod_include using     the '#include virtual' syntax have been fixed.

  - In the mod_dav_fs module, problems with the handling of     indirect locks on the S/390x platform have been fixed.

Users of the Apache HTTP server who are affected by these issues should upgrade to these updated packages, which contain backported patches.

The remote host is affected by the vulnerability described in GLSA-200411-18 (Apache 2.0: Denial of Service by memory consumption)

    Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code.
  Impact :

    By sending a large amount of specially crafted HTTP GET requests a remote attacker could cause a Denial of Service of the targeted system.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
37058	FreeBSD : apache2 multiple space header denial-of-service vulnerability (282dfea0-3378-11d9-b404-000c6e8f12ef)	Nessus	FreeBSD Local Security Checks	medium
20638	Ubuntu 4.10 : apache2 vulnerability (USN-23-1)	Nessus	Ubuntu Local Security Checks	medium
19463	Mac OS X Multiple Vulnerabilities (Security Update 2005-007)	Nessus	MacOS X Local Security Checks	critical
19399	HP-UX PHSS_33075 : Apache on HP-UX, Remote Denial of Service (DoS), Bypass of SSLCipherSuite Settings (HPSBUX01123 SSRT5931 rev.2)	Nessus	HP-UX Local Security Checks	high
15740	Mandrake Linux Security Advisory : apache2 (MDKSA-2004:135)	Nessus	Mandriva Local Security Checks	medium
15700	RHEL 3 : httpd (RHSA-2004:562)	Nessus	Red Hat Local Security Checks	high
15693	GLSA-200411-18 : Apache 2.0: Denial of Service by memory consumption	Nessus	Gentoo Local Security Checks	medium

Detections

Analytics

CVE-2004-0942

high

Tenable Plugins

medium

medium

critical

high

medium

high

medium