| VID |
22187 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Apache web server, according to its banner, is vulnerable to a denial of service attack.
The Apache HTTP Server is a very popular freely available web server that runs on a variety of operating systems, including UNIX, Linux, and Microsoft Windows (Win32). A remotely exploitable denial-of-service vulnerability exists in the Apache HTTP Server. Exploitation of this vulnerability may allow a remote attacker to consume all available system resources, resulting in a denial-of-service condition.
* Note: This check item solely relied on the banner of the Apache web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.kb.cert.org/vuls/id/206537
http://www.idefense.com/advisory/04.08.03.txt
* Platforms Affected:
Apache 2.0 prior to 2.0.45
UNIX Any version
Linux Any version
Microsoft Windows Any version |
| Recommendation |
Apply a patch from your vendor, referring to CERT Vulnerability Note VU#206537, http://www.kb.cert.org/vuls/id/206537
-- OR --
If a patch is not available, upgrade to Apache HTTP Server 2.0.45, available from Apache download site, http://httpd.apache.org/download.cgi |
| Related URL |
CVE-2003-0132 (CVE) |
| Related URL |
7255 (SecurityFocus) |
| Related URL |
(ISS) |
|
