CVE-2008-2364

Опубликовано: 10 июн. 2008

Источник: redhat

Описание

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

Отчет

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364 The Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Directory Server 8	httpd	Will not fix
Red Hat Certificate System 7.3	ant	Fixed	RHSA-2010:0602	04.08.2010
Red Hat Certificate System 7.3	avalon-logkit	Fixed	RHSA-2010:0602	04.08.2010
Red Hat Certificate System 7.3	axis	Fixed	RHSA-2010:0602	04.08.2010
Red Hat Certificate System 7.3	classpathx-jaf	Fixed	RHSA-2010:0602	04.08.2010
Red Hat Certificate System 7.3	classpathx-mail	Fixed	RHSA-2010:0602	04.08.2010
Red Hat Certificate System 7.3	geronimo-specs	Fixed	RHSA-2010:0602	04.08.2010
Red Hat Certificate System 7.3	jakarta-commons-modeler	Fixed	RHSA-2010:0602	04.08.2010
Red Hat Certificate System 7.3	log4j	Fixed	RHSA-2010:0602	04.08.2010
Red Hat Certificate System 7.3	mx4j	Fixed	RHSA-2010:0602	04.08.2010