Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 28, 2002
Affected
In relation to this CERT advisory on security vulnerability in Apache, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that various Alcatel products can be affected: namely the A5000 and A5020 SoftSwitches, the A5735 SMC, the A1300 NMC2, the management platforms for the A1000 UMTS/GPRS/MSC solutions, the 1353 SH and 1355 VPN. Customers using these products should upgrade to Apache WebServer 1.3.26 (or higher) or may contact their Alcatel support representative for more details. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential security vulnerabilities in our products using the Apache Webserver and will provide updates if necessary.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
New versions of the Apache software are available from: http://httpd.apache.org/
Notified: June 14, 2002 Updated: July 02, 2002
Affected
This vulnerability is fixed with the release of the "Security Update - July 2002" software update.
The vendor has not provided us with any further information regarding this vulnerability.
More information about this vulnerability is available at: http://www.apple.com/support/security/security_updates.html
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: July 08, 2002
Unknown
Cisco Systems is evaluating the vulnerabilities identified by VU#944335. Should an issue be found, Cisco will release a Security Advisory. The most up-to-date information on all Cisco product security issues may be found at http://www.cisco.com/go/psirt/
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: July 16, 2002
Affected
Compaq has released Security Bulletin SSRT2253 (document number SRB0021W).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 19, 2002
Affected
Covalent Technologies distributes products based on Apache 1.3 and Apache 2.0 that may be subject to this vulnerability. Covalent is currently creating patches to affected products. Covalent customers will be informed by email, and by postings at www.covalent.net/support when the patches are available.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 18, 2002
Not Affected
Cray, Inc. does not distribute Apache with any of its operating systems.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 19, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Debian security advisory DSA-131-1 describing this issue is available from: http://www.debian.org/security/2002/dsa-131
Notified: June 14, 2002 Updated: June 24, 2002
Affected
The following F5 Networks, Inc. products contain a vulnerable version of the Apache-based web server. Instructions for obtaining and installing a patch are available in the following locations.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 21, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD has published a Security Notice about this vulnerability: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:04.asc
Notified: June 14, 2002 Updated: June 18, 2002
Not Affected
Fujitsu's UXP/V operating system does not support Apache and is therefore not affected by the vulnerability reported in VU#944335.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 19, 2002
Affected
Guardian Digital ships Apache in all version of EnGarde Secure Linux. EnGarde Secure Profssional users may update using the GDSN. This issue was addressed in ESA-20020619-014 which may be found at: http://www.linuxsecurity.com/advisories/other_advisory-2137.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: July 15, 2002
Affected
HP makes the Apache Server available for customers as a bundled software package called "HP Apache." New updates are available temporarily via ftp from a site located at hprc.external.hp.com. When the new updates are available at www.software.hp.com, the Hewlett-Packard Company Security Bulletin HPSBUX0207-197 will be updated. To retrieve the updates from the temporary ftp site, use a browser to connect to: ftp://apache:apache@192.170.19.51/ or: ftp://apache:apache@hprc.external.hp.com/ There are two subdirectories containing depots of swinstallable binaries with a ".t" extension, one for Apache 2.0.39 (11.00 and 11.11) and one for Apache 1.3.26 (11.00 and 11.11). HP Virtualvault (HP-UX 11.04) patches are available from itrc.hp.com with ID's of PHSS_27361 and PHSS_27371. For full details, see Hewlett-Packard Company Security Bulletin HPSBUX0207-197, available on itrc.hp.com. Search for "Apache chunk"
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett Packard has published security advisory HPSBUX0207-197 on this issue.
Notified: June 14, 2002 Updated: August 08, 2002
Affected
IBM makes the Apache Server availble for AIX customers as a software package under the AIX-Linux Affinity initiative. This package is included on the AIX Toolbox for Linux Applications CD, and can be downloaded via the IBM Linux Affinity website. The currently available version of Apache Server is susceptible to the vulnerability described here. We will update our Apache Server offering shortly to version 1.3.23, including the patch for this vulnerability; this update will be made available for downloading by accessing this URL: http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html and following the instructions presented there. Please note that Apache Server, and all Linux Affinity software, is offered on an "as-is" basis. IBM does not own the source code for this software, nor has it developed and fully tested this code. IBM does not support these software packages. The IBM HTTP Server product, which is also bundeled with the Websphere product,is based on the Apache server. As such, it is vulnerable to the current "Chunk Handling" issue and we are woring on a patch for this problem with all due haste. This statement will be updated as more information becomes available. Information for the Websphere patches is available from the web. Go to this URL: http://www.ibm.com/software/webservers/appserv/support.html Click on the "Websphere Flashes" link and look for the item for "IBM HTTP Server". This will contain information on the exposure and links to the patches. The IBM HMC product is also affected by the Apache vulnerability described above. The HMC is the hardware monitor and control console used with IBM's Regatta systems. This is a seperate hardware unit that uses a Linux-based operating system and Open Source software. Customers are advised to obtain the latest security paches for the HMC. These patches will be available early next week from the following URL: http://techsupport.services.ibm.com/server/hmc?fetch=corrsrv.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 18, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has been contacted by this vendor and told they have verified that the Lotus Domino web server is not vulnerable to this type of problem. Also, we have been told they do not ship Apache code with any of their products.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 21, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Mandrake published a security advisory describing this vulnerability: http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-039.php
Notified: June 17, 2002 Updated: June 19, 2002
Affected
The Apache webserver shipped with Conectiva Linux is vulnerable to this problem. New packages fixing this problem will be announced to our mailing list after an official fix becomes available.
The vendor has not provided us with any further information regarding this vulnerability.
A Conectiva security announcement is avilable at: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000498
Notified: June 14, 2002 Updated: June 17, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has been contacted by this vendor and been told they do not ship the Apache web server in any of their products.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: November 02, 2007
Affected
Network Appliance Data ONTAP(R) and NetCache(R) products are not affected. ReplicatorX versions 4.0 through 4.0.21 are affected (This was originally released by Topio Inc, now a wholly owned subsidiary of NetApp, as Topio Data Protection Suite (TDPS) releases 1.0 through 3.0.65). Contact the NetApp Technical Support Center +1-888-4NETAPP for remediation information and instructions.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 27, 2002
Unknown
Nortel Networks is reviewing its portfolio to determine if any products are affected by the vulnerability noted in CERT Advisory CA-2002-17. A definitive statement will be issued shortly.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 21, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Information about the chunked encoding problem is availabe from: http://www.openbsd.org/errata.html#httpd A patch correcting the problem is availabel at: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch
Notified: June 14, 2002 Updated: June 21, 2002
Affected
Oracle has issued Oracle Security Alert #36 in response to the chunked encoding Apache HTTP Server security vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Oracle Security Alert #36 is expected to be available at: http://otn.oracle.com/deploy/security/alerts.htm
Notified: June 14, 2002 Updated: June 18, 2002
Affected
Red Hat distributes Apache 1.3 versions in all Red Hat Linux distributions, and as part of Stronghold. However we do not distribute Apache for Windows. We are currently investigating the issue and will work on producing errata packages when an official fix for the problem is made available. When these updates are complete they will be available from the URL below. At the same time users of the Red Hat Network will be able to update their systems using the 'up2date' tool. http://rhn.redhat.com/errata/RHSA-2002-103.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: July 15, 2002
Unknown
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: Apache Web Server Chunk Handling vulnerability
Number: 20020605-01-I
Date: July 12, 2002
Reference: SGI Security Advisory 20020605-01-A
Reference: CERT CA-2002-17
Reference: Apache Security Bulletin 20020617
Reference: CAN-2002-0392 - --- Issue Specifics --- This bulletin is an update to SGI Security Advisory 20020605-01-A. It has been reported that versions of the Apache web server up to and
including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the
routines which deal with invalid requests which are encoded using chunked
encoding. This bug can be triggered remotely by sending a carefully crafted
invalid request. This functionality is enabled by default. See http://httpd.apache.org/info/security_bulletin_20020617.txt for
additional details. SGI has investigated the issues and recommends the following steps for
neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be
implemented on ALL vulnerable SGI systems. These issues have been corrected in IRIX 6.5.17, where we are now supplying
a fixed version of Apache. We are also making the fixed version of Apache
available on our security FTP site for prior releases of IRIX. - --- Impact --- The Apache webserver is supplied with IRIX versions since 6.5.12m/f as a
replacement for the older SGI FastTrack server. It is installed by default,
and is enabled through "chkconfig" by default. In order to determine if the Apache webserver is installed, execute the
following command: # versions -b | grep apache If the following line is returned you are OK: I sgi_apache 07/10/2002 SGI Web Server based on Apache, 1.3.26 But if either of these are returned you are vulnerable: I sgi_apache 03/20/2001 SGI Apache Server, 1.3.17
I sgi_apache 06/10/2001 SGI Apache Server, 1.3.20
I sgi_apache 12/06/2001 SGI Web Server based on Apache, 1.3.22 These vulnerabilities might lead to a root compromise in some
configurations, and no local account is required. These vulnerabilities have been publicly discussed in Usenet newsgroups
and mailing lists. This vulnerability was assigned the following CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392 - --- Temporary Workaround --- SGI acknowledges that it may not always be possible to immediately install
patches or upgrade the operating system. In those cases, we recommend
removing the Apache webserver and associated products by using the following
commands: # versions remove sgi_apache\*
# versions remove websetup\*
# versions remove gateway\* It is not necessary to reboot the system after doing this. You should
upgrade the operating system as soon as it is possible to do so. - --- Solution --- SGI has not provided a patch for these issues, but instead has rolled the
fixed Apache distribution into IRIX 6.5.17 and later releases of the
operating system. OS Version Vulnerable? Patch # Other Actions IRIX 3.x no Note 1
IRIX 4.x no Note 1
IRIX 5.x no Note 1
IRIX 6.0.x no Note 1
IRIX 6.1 no Note 1
IRIX 6.2 no Note 1
IRIX 6.3 no Note 1
IRIX 6.4 no Note 1
IRIX 6.5 no Note 2
IRIX 6.5.1 no Note 2
IRIX 6.5.2 no Note 2
IRIX 6.5.3 no Note 2
IRIX 6.5.4 no Note 2
IRIX 6.5.5 no Note 2
IRIX 6.5.6 no Note 2
IRIX 6.5.7 no Note 2
IRIX 6.5.8 no Note 2
IRIX 6.5.9 no Note 2
IRIX 6.5.10 no Note 2
IRIX 6.5.11 no Note 2
IRIX 6.5.12 yes Note 2
IRIX 6.5.13 yes sgi_apache 1.3.26 Note 2 & 3
IRIX 6.5.14 yes sgi_apache 1.3.26 Note 2 & 3
IRIX 6.5.15 yes sgi_apache 1.3.26 Note 2 & 3
IRIX 6.5.16 yes sgi_apache 1.3.26 Note 2 & 3
IRIX 6.5.17 no NOTES 1) This version of the IRIX operating has been retired. Upgrade to an
actively supported IRIX operating system. See
http://support.sgi.com/irix/news/index.html#policy for more
information. 2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
SGI Support Provider or URL: http://support.sgi.com/irix/swupdates/ 3) Install sgi_apache 1.3.26 which is supplied with the IRIX 6.5.17
Applications CD or available as sgi_apache-1.3.26.tar from: ftp://patches.sgi.com/support/free/security/patches/{6.5.13-6.5.16} ##### Patch File Checksums #### The actual patch will be a tar file containing the following files: Filename: sgi_apache
Algorithm #1 (sum -r): 24080 5 sgi_apache
Algorithm #2 (sum): 37968 5 sgi_apache
MD5 checksum: 1EE81B8F7A8DF9ED4D9AF507EA1D2755 Filename: sgi_apache.books
Algorithm #1 (sum -r): 65292 3274 sgi_apache.books
Algorithm #2 (sum): 32822 3274 sgi_apache.books
MD5 checksum: CD6296A58A1B6F1FF2D6B212058D1C4D Filename: sgi_apache.idb
Algorithm #1 (sum -r): 13477 281 sgi_apache.idb
Algorithm #2 (sum): 4276 281 sgi_apache.idb
MD5 checksum: 3144B64008FF66BF858434208C6BCB5B Filename: sgi_apache.man
Algorithm #1 (sum -r): 29483 97 sgi_apache.man
Algorithm #2 (sum): 35420 97 sgi_apache.man
MD5 checksum: A7864555852DB7ACC913F049BFC46121 Filename: sgi_apache.src
Algorithm #1 (sum -r): 43010 6244 sgi_apache.src
Algorithm #2 (sum): 58317 6244 sgi_apache.src
MD5 checksum: 7D2A6A9A226327D8D9990F80635AED80 Filename: sgi_apache.sw
Algorithm #1 (sum -r): 20406 1852 sgi_apache.sw
Algorithm #2 (sum): 32509 1852 sgi_apache.sw
MD5 checksum: 371625EE5B321A76137AD1A18B23B4C0 - --- Information --- SGI Security Advisories can be found at: http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/ SGI Security Patches can be found at: http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/patches/ SGI patches for IRIX can be found at the following patch servers: http://support.sgi.com/irix/ and ftp://patches.sgi.com/ SGI freeware updates for IRIX can be found at: http://freeware.sgi.com/ SGI fixes for SGI open sourced code can be found on: http://oss.sgi.com/projects/ SGI patches and RPMs for Linux can be found at: http://support.sgi.com/linux/ or
http://oss.sgi.com/projects/sgilinux-combined/download/security-fixes/ SGI patches for Windows NT or 2000 can be found at: http://support.sgi.com/nt/ IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at: http://support.sgi.com/irix/ and ftp://patches.sgi.com/support/patchset/ IRIX 6.5 Maintenance Release Streams can be found at: http://support.sgi.com/colls/patches/tools/relstream/index.html IRIX 6.5 Software Update CDs can be obtained from: http://support.sgi.com/irix/swupdates/ The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211). Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/ For security and patch management reasons, ftp.sgi.com (mirrors
patches.sgi.com security FTP repository) lags behind and does not do a
real-time update. - --- Acknowledgments ---- SGI wishes to thank Mark Litchfield, CERT, ISS and the users of the Internet
Community at large for their assistance in this matter. - --- SGI Security Information/Contacts --- If there are questions about this document, email can be sent to
security-info@sgi.com. ------oOo------ SGI provides security information and patches for use by the entire SGI
community. This information is freely available to any person needing the
information and is available via anonymous FTP and the Web. The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211). Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/ The SGI Security Headquarters Web page is accessible at the URL: http://www.sgi.com/support/security/ For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com. For assistance obtaining or working with security patches, please
contact your SGI support provider. ------oOo------ SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below. % mail wiretap-request@sgi.com
subscribe wiretap
The vendor has not provided us with any further information regarding this vulnerability.
An SGI Advisory describing this issue is available at: ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
Updated: June 21, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Slackware Linux posted a message to their security list indicating that updated packages were available from: ftp://ftp.slackware.com/pub/slackware/slackware-8.0/
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 24, 2002
Affected
Sun bundles the Apache Web Server freeware product with Solaris 8 (Apache/1.3.12) and 9 (Apache/1.3.22). Both versions are affected by this vulnerability. Sun are presently producing patches for this issue for Solaris 8 and 9. Once the patches are available, we will be publishing a Sun Alert available from: http://sunsolve.sun.com/
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 19, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
SuSE has published security announcement SuSE-SA:2002:022 describing this issue.
Notified: June 14, 2002 Updated: September 18, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Caldera has published several advisories describing this vulnerability: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt ftp://ftp.caldera.com/pub/security/OpenUNIX/CSSA-2002-SCO.31.txt ftp://ftp.caldera.com/pub/security/UnixWare/CSSA-2002-SCO.31.txt ftp://ftp.caldera.com/pub/security/OpenServer/CSSA-2002-SCO.32.txt
Notified: June 14, 2002 Updated: September 18, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Caldera has published several advisories describing this vulnerability: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt ftp://ftp.caldera.com/pub/security/OpenUNIX/CSSA-2002-SCO.31.txt ftp://ftp.caldera.com/pub/security/UnixWare/CSSA-2002-SCO.31.txt ftp://ftp.caldera.com/pub/security/OpenServer/CSSA-2002-SCO.32.txt
Updated: June 21, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Trustix Secure Linux has published an advisory on this topic: http://www.trustix.net/errata/misc/2002/TSL-2002-0056-apache.asc.txt
Notified: June 14, 2002 Updated: June 27, 2002
Affected
CUSTOMER SERVICE TECHNICAL BULLETIN SUBJECT: CERT Advisory CA-2002-17: Apache Web Server Chunk Handling Vulnerability BULLETIN NUMBER: SSC_PSN-001 BULLETIN TYPE: Product Support Notification AFFECTED PRODUCTS: SSC ISSUE DATE: 06/26/2002 REVISION: 1.0 PROBLEM DESCRIPTION: The CERT Coordination Center released an advisory on June 17, 2002 entitled, "CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability". The URL for the full text of the advisory can be found at: http://www.cert.org/advisories/CA-2002-17.html AFFECTED PRODUCT(S): SSC SOLUTION: The following releases of software have been found to suffer no negative effects from vulnerability outlined in CERT Advisory CA-2002-17: 2-0-2p2 2-0-3p2 All future releases of SSC will include the updated version of Apache web server that corrects this vulnerability. Earlier releases of software may allow the execution of arbitrary code by remote attackers. Information needed to exploit this vulnerability is publicly known. Affected releases include: 2-0-0 -- 2-0-2p1 2-0-3 -- 2-0-3p1 This Product Support Notification is publicly viewable on the Web at: http://support.unispherenetworks.com/websupport/CERT/ssc_psn-001.pdf If you have any questions concerning this notice, or to obtain the latest patch release, please contact Unisphere Networks Customer Service. Inside the U.S. call: (800) 424-2344 Outside the U.S. call: (978) 589-9000 Via the Web @ http://support.unispherenetworks.com Via email @ support@unispherenetworks.com
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: June 17, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 14, 2002 Updated: March 27, 2003
Affected
A response to this advisory is available from our web site: http://www.xerox.com/security
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.