Ubuntu 4.10 : apache2 vulnerability (USN-23-1)
Medium Nessus Plugin ID 20638
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionChintan Trivedi discovered a Denial of Service vulnerability in apache2. The field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server to cause HTTP server instances to consume proportional amounts of memory, which can render the service unavailable.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected packages.