
  • Apache HTTP Server Denial of Service Vulnerabilities in Red Hat Products

    Severity Rating: MEDIUM

    Systems Affected

    Red Hat Enterprise Linux version 5 (httpd)
    Red Hat Enterprise Linux version 6 (httpd)
    Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (httpd)
    Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (httpd)
    Red Hat JBoss Enterprise Application Platform 6.2
    Red Hat JBoss Web Server 2 for RHEL 5 Server (httpd)
    Red Hat JBoss Web Server 2 for RHEL 6 Server (httpd)
    Red Hat JBoss Web Server 2.0

    Overview

    Multiple vulnerabilities have been reported in Apache HTTP Server used in Red Hat products, which could allow a remote attacker to cause denial of service conditions.

    Description

    1. Denial of Service (DoS) vulnerability in Apache HTTP Server mod_dav module

    This vulnerability exists in the dav_xml_get_cdata function in "main/util.c" of the mod_dav module, due to an error in tracking the length of CDATA when white space is removed. A remote attacker could exploit this vulnerability via a specially crafted DAV WRITE request. Successful exploitation could allow the remote attacker to cause Denial of Service (DoS) conditions.

    2. Denial of Service (DoS) vulnerability in Apache HTTP Server mod_log_config module

    This vulnerability exists in the log_cookie function in "mod_log_config.c" of the mod_log_config module, due to an error while logging a cookie with an unassigned value. A remote attacker could exploit this vulnerability via a specially crafted truncated cookie. Successful exploitation could allow the remote attacker to cause Denial of Service (DoS) conditions.
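
An exposure check for the two issues described above, as an added example that is not part of the original advisory: it scans httpd configuration text for directives that load or enable mod_dav and for log formats that use mod_log_config's `%{NAME}C` cookie field. The function names and the sample configuration are constructed for illustration; treating these directives as the places where the affected code runs is an assumption based on httpd's documented directives, not a statement from the advisory.

```python
import re

# %{NAME}C, optionally with status-code modifiers such as %!200,304{NAME}C
COOKIE_FMT = re.compile(r"%[!<>\d,]*\{[^}]+\}C")

def logical_lines(text):
    """Yield (line_no, directive) with comments dropped and '\\' continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start if buf else no      # remember where a continued directive began
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        stripped = buf.strip()
        buf = ""
        if stripped and not stripped.startswith("#"):
            yield start, stripped

def scan_httpd_config(text):
    """Report line numbers of directives that put mod_dav or cookie logging in use."""
    findings = {"dav_module": [], "dav_enabled": [], "cookie_logging": []}
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        name = parts[0].lower()           # directive names are case-insensitive
        args = parts[1] if len(parts) > 1 else ""
        if name == "loadmodule" and args.split()[:1] == ["dav_module"]:
            findings["dav_module"].append(no)
        elif name == "dav" and args.strip().lower() != "off":
            findings["dav_enabled"].append(no)
        elif name in ("logformat", "customlog") and COOKIE_FMT.search(args):
            findings["cookie_logging"].append(no)
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE = r'''
LoadModule dav_module modules/mod_dav.so
# LogFormat "%{old}C" disabled
LogFormat "%h %l %u %t \"%r\" %>s %b \
  \"%{JSESSIONID}C\"" withcookie
CustomLog logs/access_log withcookie
<Location /uploads>
    Dav On
</Location>
<Location /public>
    Dav Off
</Location>
'''
print(scan_httpd_config(SAMPLE))
```

A finding means the module or log field is in use on that server, not that the installed httpd is unpatched; patch status comes from the errata listed under Solution.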

    Solution

    Apply the appropriate updates as mentioned in the following link:
    https://rhn.redhat.com/errata/RHSA-2014-0825.html

    Vendor Information

    Red Hat
    http://rhn.redhat.com/errata/RHSA-2014-0252.html

    References

    Apache
    https://httpd.apache.org/security/vu...lities_24.html

    Security tracker
    http://securitytracker.com/id/1030456

    Xforce
    http://xforce.iss.net/xforce/xfdb/90878
    http://xforce.iss.net/xforce/xfdb/91879

    Security Focus
    http://www.securityfocus.com/bid/66303