Overview
Some versions of the Apache Web server are vulnerable to denial-of-service attacks by crafted HTTP requests.
Description
A vulnerability exists in some versions the Apache Web (HTTPD) Server running on Windows 98SE, Windows 2000 SP1, and OS/2. The vulnerability appears to be a bounds checking problem in HTTP requests. Receipt of an HTTP request 8192 characters in length can exploit the vulnerability. |
Impact
An attacker could cause the server to crash. |
Solution
Upgrade to version Apache HTTPD Server 1.3.20 or later. For more info, see: |
Vendor Information
125235
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Auriemma Luigi and Security Tracker for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Other Information
| CVE IDs: | None |
| Severity Metric: | 3.80 |
| Date Public: | 2001-04-13 |
| Date First Published: | 2002-03-29 |
| Date Last Updated: | 2002-07-30 18:45 UTC |
| Document Revision: | 11 |