{"vuid":"VU#206537","idnumber":"206537","name":"Apache vulnerable to DoS","keywords":["Apache 2.x","linefeed characters","resource consumption"],"overview":"A remotely exploitable denial-of-service vulnerability exists in the Apache HTTP Server. Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition.","clean_desc":"The Apache HTTP Server is a very popular freely available web server that runs on a variety of operating systems, including UNIX, Linux, and Microsoft Windows (Win32). A vulnerability exists in the way the Apache HTTP Server handles excessively large chunks of consecutive linefeed characters. Apache 2.0.44 (both the Windows & UNIX implementations) contains this vulnerability. Prior 2.x versions of Apache may contain the vulnerability. For more information, please see the iDEFENSE Advisory.","impact":"Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition.","resolution":"Apply a patch from your vendor. If a patch is not available, you may wish to upgrade to Apache HTTP Server 2.0.45. The Apache Software Foundation has provided a patch as well.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by \niDEFENSE Inc. The CERT/CC thanks iDEFENSE Inc. for the information contained in their document, upon which this document is based.","author":"This document was written by Ian A Finlay.","public":["http://www.idg.com.sg/idgwww.nsf/unidlookup/315B17C00BE0ADBD48256CFE0013EEFB?OpenDocument","http://news.zdnet.co.uk/story/0,,t269-s2132975,00.html?rtag=zdnetukhompage","http://marc.theaimsgroup.com/?l=bugtraq&m=104931360606484&w=2","http://www.businessweek.com/technology/cnet/stories/995309.htm","http://www.neowin.net/comments.php?id=10012&category=main","http://www.pcworld.com/news/article/0,aid,110142,00.asp","http://www.nwfusion.com/news/2003/0403newapach.html","http://www.theregister.co.uk/content/55/30126.html","http://www.idefense.com/advisory/04.08.03.txt","http://www.vnunet.com/News/1139961","http://httpd.apache.org/download.cgi"],"cveids":["CVE-2003-0132"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-04-08T14:04:48Z","publicdate":"2003-04-08T00:00:00Z","datefirstpublished":"2003-04-08T15:54:01Z","dateupdated":"2003-09-18T15:39:32Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"18","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"9.72","cam_scorecurrentwidelyknown":"19.98","cam_scorecurrentwidelyknownexploited":"30.78","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.72,"vulnote":null}