Apache Connection Blocking Denial Of Service Vulnerability

BID:9921

Info

Apache Connection Blocking Denial Of Service Vulnerability

Bugtraq ID: 9921
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2004-0174
Remote: Yes
Local: No
Published: Mar 19 2004 12:00AM
Updated: Jul 12 2009 03:06AM
Credit: Discovery of this issue is credited to Jeff Trawick.
Vulnerable: Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
IBM HTTP Server 2.0.47
IBM HTTP Server 2.0.42 .2
HP Webproxy A.02.10
+ HP HP-UX B.11.04
 HP Webproxy A.02.00
+ HP HP-UX B.11.04
 HP VirtualVault A.04.70
+ HP HP-UX B.11.04
 HP VirtualVault A.04.60
+ HP HP-UX B.11.04
 HP VirtualVault A.04.50
+ HP HP-UX B.11.04
 HP HP-UX 11.23
HP HP-UX 11.22
HP HP-UX 11.11
HP HP-UX 11.0
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.3
Apple Mac OS X 10.2.8
Apache Apache 2.0.48
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ SuSE Linux 8.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Apache 2.0.47
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.3.4
+ Apple Mac OS X Server 10.3.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
+ Mandriva Linux Mandrake 9.2 amd64
 + Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
 + Mandriva Linux Mandrake 9.1
Apache Apache 2.0.46
+ Redhat Desktop 3.0
+ Redhat Enterprise Linux AS 3
 + Redhat Enterprise Linux ES 3
 + Redhat Enterprise Linux WS 3
 + Trustix Secure Linux 2.0
Apache Apache 2.0.45
- Apple Mac OS X 10.2.6
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
Apache Apache 2.0.44
Apache Apache 2.0.43
Apache Apache 2.0.42
+ Gentoo Linux 1.4 _rc1
 + Gentoo Linux 1.2
Apache Apache 2.0.41
Apache Apache 2.0.40
+ Redhat Linux 9.0 i386
 + Redhat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Apache 2.0.39
Apache Apache 2.0.38
Apache Apache 2.0.37
Apache Apache 2.0.36
Apache Apache 2.0.35
Apache Apache 2.0.32
Apache Apache 2.0.28 Beta
Apache Apache 2.0.28
Apache Apache 2.0 a9
Apache Apache 2.0
Apache Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Apache Apache 1.3.28
+ Mandriva Linux Mandrake 9.2 amd64
 + Mandriva Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
 + OpenPKG OpenPKG 1.3
Apache Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
 + HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
 + Mandriva Linux Mandrake 9.1 ppc
 + Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
 + OpenPKG OpenPKG Current
 + Redhat Enterprise Linux AS 2.1 IA64
 + Redhat Enterprise Linux AS 2.1
 + Redhat Enterprise Linux ES 2.1 IA64
 + Redhat Enterprise Linux ES 2.1
 + Redhat Enterprise Linux WS 2.1 IA64
 + Redhat Enterprise Linux WS 2.1
 + Redhat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Apache 1.3.26
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Apache 1.3.25
Apache Apache 1.3.24
+ OpenBSD OpenBSD 3.1
 + Oracle Oracle HTTP Server 9.2 .0
 + Oracle Oracle HTTP Server 9.0.1
+ Oracle Oracle9i Application Server 9.0.2
+ Oracle Oracle9i Application Server 1.0.2 .2
 + Oracle Oracle9i Application Server 1.0.2 .1s
 + Oracle Oracle9i Application Server 1.0.2
+ Slackware Linux 8.1
+ Unisphere Networks SDX-300 2.0.3
Apache Apache 1.3.23
- IBM AIX 4.3
+ Mandriva Linux Mandrake 8.2 ppc
 + Mandriva Linux Mandrake 8.2
+ Redhat Linux 7.3 i386
 + Redhat Linux 7.3
+ SuSE Linux 8.0 i386
 + SuSE Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Apache 1.3.22
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
 + Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.0
+ Redhat Linux 7.2 ia64
 + Redhat Linux 7.2 i386
 + Redhat Linux 7.1 ia64
 + Redhat Linux 7.1 i386
 + Redhat Linux 7.1 alpha
 + Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Redhat Linux 6.2 sparc
 + Redhat Linux 6.2 i386
 + Redhat Linux 6.2 alpha
 Apache Apache 1.3.20
- HP HP-UX 11.22
- HP HP-UX 11.20
+ MandrakeSoft Single Network Firewall 7.2
+ SGI IRIX 6.5.18
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.14 m
 + SGI IRIX 6.5.14 f
 + SGI IRIX 6.5.14
+ SGI IRIX 6.5.13 m
 + SGI IRIX 6.5.13 f
 + SGI IRIX 6.5.13
+ SGI IRIX 6.5.12 m
 + SGI IRIX 6.5.12 f
 + SGI IRIX 6.5.12
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
+ Sun Solaris 9_x86 Update 2
 + Sun Solaris 9_x86
 + Sun Solaris 9
 + Sun SunOS 5.9 _x86
 + Sun SunOS 5.9
+ SuSE Linux 7.3 sparc
 + SuSE Linux 7.3 ppc
 + SuSE Linux 7.3 i386
 + SuSE Linux 7.3
Apache Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
 - Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
 + EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0 4
 - HP HP-UX 11.0
- HP HP-UX 10.20
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
+ Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 3.0
 - Redhat Linux 7.1
- Redhat Linux 7.0
- Redhat Linux 6.2
 - SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- SGI IRIX 6.5.8
- Sun Solaris 8_sparc
 - Sun Solaris 7.0
 + SuSE Linux 7.2 i386
 + SuSE Linux 7.2
+ SuSE Linux 7.1 x86
 + SuSE Linux 7.1 sparc
 + SuSE Linux 7.1 ppc
 + SuSE Linux 7.1 alpha
 + SuSE Linux 7.1
+ SuSE Linux 7.0 sparc
 + SuSE Linux 7.0 ppc
 + SuSE Linux 7.0 i386
 + SuSE Linux 7.0 alpha
 + SuSE Linux 7.0
+ SuSE Linux 6.4 ppc
 + SuSE Linux 6.4 i386
 + SuSE Linux 6.4 alpha
 + SuSE Linux 6.4
Apache Apache 1.3.18
Apache Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ SuSE Linux 7.1
Apache Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
- MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Redhat Linux 6.2 sparc
 + Redhat Linux 6.2 i386
 + Redhat Linux 6.2 alpha
 + Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
+ SuSE Linux 7.0 sparc
 + SuSE Linux 7.0
Apache Apache 1.3.11
Apache Apache 1.3.9
+ Debian Linux 2.2 sparc
 + Debian Linux 2.2 powerpc
 + Debian Linux 2.2 arm
 + Debian Linux 2.2 alpha
 + Debian Linux 2.2 68k
 + Debian Linux 2.2
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ Sun Solaris 8_x86
 + Sun Solaris 8_sparc
 + Sun SunOS 5.8 _x86
 + Sun SunOS 5.8
Apache Apache 1.3.7 -dev
Apache Apache 1.3.6
+ Sun Cobalt ManageRaQ3 3000R-mr
+ Sun Cobalt RaQ3 3000R
+ Sun Cobalt Velociraptor
Apache Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Apache 1.3.3
+ Redhat Linux 5.2 sparc
 + Redhat Linux 5.2 i386
 + Redhat Linux 5.2 alpha
 Apache Apache 1.3.1
Apache Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Not Vulnerable: Posadis Posadis 1.3.31
Apache Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Apache 1.3.31
+ OpenPKG OpenPKG Current

Discussion

Apache Connection Blocking Denial Of Service Vulnerability

Apache is prone to an issue that may permit remote attackers to cause a denial of service issue via a listening socket on a rarely accessed port. This will reportedly block out new connections to the server until another connection on the rarely accessed socket is initiated.

The functionality that exposes this issue is reportedly enabled by default on all platforms except Windows.

Exploit / POC

Apache Connection Blocking Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Apache Connection Blocking Denial Of Service Vulnerability

Solution:
This issue is addressed with the release of Apache 2.0.49.

Netwosix Linux has released an advisory dealing with this issue. Please see the reference section for more details.

Trustix has released an advisory that includes updates for this issue.

IBM has released PQ85834 cumulative fix to address this issue in IBM HTTP Server 2.0.42.2 and IBM HTTP Server 2.0.47. Please see the referenced site in web references for more information.

SUSE has released an advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.

HP has released security bulletin HPSBUX01022 dealing with this issue as well as fixes for their HP-UX architecture. Please see the referenced advisory for more information and details on obtaining fixes.

Apple has released security advisory APPLE-SA-2004-05-03 dealing with this and other issues. Please see the referenced advisory for more information.

OpenPKG has released an advisory OpenPKG-SA-2004.021 to address this and other issues in Apache. Please see the referenced advisory for more information.

Slackware has released an advisory SSA:2004-133-01 to address this and other issues in Apache. Please see the referenced advisory for more information.

Trustix has released an advisory TSLSA-2004-0027 to address this and other issues in Apache. Please see the referenced advisory for more information.

Mandrake has issued advisory MDKSA-2004:046 and fixes. See reference section for more information.

Mandrake has issued a revised advisory and fixes. See advisory MDKSA-2004:046-1 in the reference section for more information.

Turbolinux has issued advisory TLSA-2004-17 and fixes. See reference section for more information.

HP has released advisory HPSBTU01049 - SSRT4717 dealing with this and other issues. Please see the referenced advisory for more information.

Apache Server version 1.3.31 has been released to address this and other issues.

RedHat has released an advisory (RHSA-2004:405-06) to address various issues in Stronghold. Updated Stronghold 4 packages have been released. RedHat users are advised to upgrade their computers by carrying out the following command to launch the update agent service:

bin/agent

Please see the RedHat advisory in web references for more information.

HP has released an advisory (HPSBUX01069) to address this and other issues. Please see the referenced advisory for more information.

Sun has released an alert (Alert ID: 57628) containing preliminary T-patches to address this and other issues in Apache. Please see the advisory in web references for more information.

Sun has released an update to Sun Alert ID: 57628. Patches for Solaris 9.0 have been made available. Patches for Solaris 8.0 are still pending.

Sun has released an update to Sun Alert ID: 57628. T-Patches (T116973-01, T116974-01) are available through normal support channels for Solaris 8 SPARC platform and Solaris 8 x86 platform. Please see the referenced Sun alert for more information.

Apple has released an advisory (APPLE-SA-2004-12-02) dealing with this and other issues. This security update resolves this issue by installing Apache version 1.3.33, which has been fixed against this issue. Please see the referenced advisory for more information.


Sun Solaris 9

Sun Solaris 9_x86

Apache Apache 1.3

Apache Apache 1.3.1

Apache Apache 1.3.11

Apache Apache 1.3.12

Apache Apache 1.3.14

Apache Apache 1.3.17

Apache Apache 1.3.18

Apache Apache 1.3.19

Apache Apache 1.3.20

Apache Apache 1.3.22

Apache Apache 1.3.23

Apache Apache 1.3.24

Apache Apache 1.3.25

Apache Apache 1.3.26

Apache Apache 1.3.27

Apache Apache 1.3.28

Apache Apache 1.3.29

Apache Apache 1.3.3

Apache Apache 1.3.4

Apache Apache 1.3.6

Apache Apache 1.3.7 -dev

Apache Apache 1.3.9

Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X 10.3.3

Apple Mac OS X Server 10.3.3

Apache Apache 2.0

Apache Apache 2.0 a9

Apache Apache 2.0.28

Apache Apache 2.0.28 Beta

Apache Apache 2.0.32

Apache Apache 2.0.35

Apache Apache 2.0.36

Apache Apache 2.0.37

Apache Apache 2.0.38

Apache Apache 2.0.39

Apache Apache 2.0.40

Apache Apache 2.0.41

IBM HTTP Server 2.0.42 .2

Apache Apache 2.0.42

Apache Apache 2.0.43

Apache Apache 2.0.44

Apache Apache 2.0.45

Apache Apache 2.0.46

Apache Apache 2.0.47

IBM HTTP Server 2.0.47

Apache Apache 2.0.48

References

Apache Connection Blocking Denial Of Service Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report