Apache Web Server DoS Vulnerability
BID:2216
Info
| Bugtraq ID: | 2216 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 06 1998 12:00AM |
| Updated: | Apr 20 2006 07:46PM |
| Credit: | Discovered and posted to Bugtraq by Michal Zalewski <[email protected]> on Dec 31, 1997. |
| Vulnerable: | Apache Apache 1.2 |
| Not Vulnerable: | Apache Apache 1.2.5 |
Discussion
Apache Web Server 1.2 and previous versions are subject to a denial of service. By sending a malformed GET request composed of an unusually large number of '/' characters, an attacker can cause CPU usage to spike. A restart of the service is required to restore normal functionality.
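A log check for the request pattern described above, as an added example that is not part of the original advisory: it scans Common Log Format access-log lines for GET requests whose target holds an unusually large number of '/' characters. The threshold of 100, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) (\S+)')

SLASH_THRESHOLD = 100  # assumed cut-off; tune it against normal traffic


def slash_stats(target):
    """Return (total '/' count, longest run of consecutive '/') for a target."""
    runs = re.findall(r'/+', target)
    return target.count('/'), max((len(r) for r in runs), default=0)


def scan(lines, threshold=SLASH_THRESHOLD):
    """Return one finding per GET request carrying >= threshold '/' characters."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = CLF.match(line)
        if not m:
            continue  # not a parseable access-log line
        host, request, status, _size = m.groups()
        parts = request.split(' ')
        if len(parts) < 2 or parts[0] != 'GET':
            continue  # the advisory describes GET requests only
        total, longest = slash_stats(parts[1])
        if total >= threshold:
            findings.append({'line': lineno, 'host': host, 'status': status,
                             'slashes': total, 'longest_run': longest})
    return findings


# Constructed sample input (documentation address ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jan/1998:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [06/Jan/1998:10:00:02 +0000] "GET /a/b/c/d/e/f.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [06/Jan/1998:10:00:05 +0000] "GET ' + '/' * 7000 + ' HTTP/1.0" 200 1043',
    'truncated or corrupt line',
    '192.0.2.11 - - [06/Jan/1998:10:00:09 +0000] "POST /cgi-bin/form HTTP/1.0" 200 87',
]

if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        print('line {line}: {host} sent {slashes} slashes '
              '(longest run {longest_run}), status {status}'.format(**f))
```
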
Exploit / POC
Michal Zalewski <[email protected]> has provided the following exploit called 'beck2':
Solution / Fix
Solution:
This vulnerability has been addressed in Apache Web Server 1.2.5:
http://www.apache.org/dist/
References
References:
- Apache Security Bulletin (Apache Software Foundation)
- Apache Software Foundation Homepage (Apache Software Foundation)