| VID |
22248 |
| Severity |
30 |
| Port |
443 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
A version of Apache 2 before 2.0.49 has been detected as running on the host. Apache HTTP Server versions 2.0.35 through 2.0.48 are vulnerable to a denial of service attack, caused by a memory leak in the mod_ssl authentication module. By sending plain HTTP requests to the SSL port of an SSL-enabled server, remote attackers could cause the HTTP daemon to crash.
* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://www.apacheweek.com/features/security-20 ; http://marc.theaimsgroup.com/?l=apache-cvs&m=107869699329638 ; http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27106
* Platforms Affected: Apache HTTP Server 2.0.35 through 2.0.48; any operating system, any version |
| Recommendation |
Upgrade to the latest version of Apache HTTP Server (2.0.49-dev or later), available from the Apache HTTP Server Web site at http://httpd.apache.org/download.cgi
For Red Hat Linux: Upgrade to the latest httpd package, as listed in Red Hat Security Advisory RHSA-2004:084-14 at https://rhn.redhat.com/errata/RHSA-2004-084.html
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2004-0113 (CVE) |
| Related URL |
9826 (SecurityFocus) |
| Related URL |
15419 (ISS) |
|