Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2004-463: httpd

Vulnerability Assessment Details

RHSA-2004-463: httpd

Vulnerability Assessment Summary
Check for the version of the httpd packages

Detailed Explanation for this Vulnerability Assessment

Updated httpd packages that include fixes for security issues are now
available.

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

Four issues have been discovered affecting releases of the Apache HTTP 2.0
Server, up to and including version 2.0.50:

Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util library.
If a remote attacker sent a request including a carefully crafted URI, an
httpd child process could be made to crash. This issue is not believed to
permit arbitrary code execution on Red Hat Enterprise Linux. This issue
also does not represent a significant denial of service attack as requests
will continue to be handled by other Apache child processes. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0786 to this issue.

The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
expansion of environment variables during configuration file parsing. This
issue could permit a local user to gain 'apache' rights if an httpd
process can be forced to parse a carefully crafted .htaccess file written
by a local user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0747 to this issue.

An issue was discovered in the mod_ssl module which could be triggered if
the server is configured to permit proxying to a remote SSL server. A
malicious remote SSL server could force an httpd child process to crash by
sending a carefully crafted response header. This issue is not believed to
permit execution of arbitrary code. This issue also does not represent a
significant Denial of Service attack as requests will continue to be
handled by other Apache child processes. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0751 to
this issue.

An issue was discovered in the mod_dav module which could be triggered for
a location where WebDAV authoring access has been configured. A malicious
remote client which is authorized to use the LOCK method could force an
httpd child process to crash by sending a particular sequence of LOCK
requests. This issue does not permit execution of arbitrary code. This
issue also does not represent a significant Denial of Service attack as
requests will continue to be handled by other Apache child processes. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2004-0809 to this issue.

Users of the Apache HTTP server should upgrade to these updated packages,
which contain backported patches that address these issues.

Solution : http://rhn.redhat.com/errata/RHSA-2004-463.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors