CVE-2008-2364

Severity

50%

Complexity

99%

Confidentiality

48%

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Apache Software Foundation Apache HTTP Server

First reported 16 years ago

2008-06-13 18:41:00

Last updated 6 years ago

2018-10-11 20:40:00

Affected Software

Apache Software Foundation Apache HTTP Server 2.0.63

Apache Software Foundation Apache HTTP Server 2.2.8

References

HPSBUX02365

APPLE-SA-2008-10-09

SUSE-SR:2009:006

SUSE-SR:2009:007

HPSBUX02401

HPSBUX02465

RHSA-2008:0967

30621

Vendor Advisory

31026

31404

31416

31651

31904

32222

32685

32838

33156

33797

34219

34259

34418

GLSA-200807-06

247666

http://support.apple.com/kb/HT3216

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328

MDVSA-2008:195

MDVSA-2008:237

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

RHSA-2008:0966

20080729 rPSA-2008-0236-1 httpd mod_ssl

20081122 rPSA-2008-0328-1 httpd mod_ssl

29653

Patch

31681

1020267

USN-731-1

ADV-2008-1798

ADV-2008-2780

ADV-2009-0320

http://www-01.ibm.com/support/docview.wss?uid=swg27008517

PK67579

apache-modproxy-module-dos(42987)

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:11713

oval:org.mitre.oval:def:6084

oval:org.mitre.oval:def:9577

FEDORA-2008-6393

FEDORA-2008-6314
