Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2364

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-2364
Last Modified 17 Jul 2013 11:44:26
Published 13 Jun 2008 02:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2364

Summary

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

Vulnerable Systems

Application

  • Apache Http Server 2.0.63

  • Apache Http Server 2.2.8


References

BID - 29653

FEDORA - FEDORA-2008-6314

FEDORA - FEDORA-2008-6393

XF - apache-modproxy-module-dos(42987)

VUPEN - ADV-2009-0320

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-1798

UBUNTU - USN-731-1

SECTRACK - 1020267

BID - 31681

BUGTRAQ - 20081122 rPSA-2008-0328-1 httpd mod_ssl

BUGTRAQ - 20080729 rPSA-2008-0236-1 httpd mod_ssl

REDHAT - RHSA-2008:0966

MANDRIVA - MDVSA-2008:237

MANDRIVA - MDVSA-2008:195

AIXAPAR - PK67579

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27008517

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328

CONFIRM - http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154

CONFIRM - http://support.apple.com/kb/HT3216

SUNALERT - 247666

GENTOO - GLSA-200807-06

SECUNIA - 34418

SECUNIA - 34259

SECUNIA - 34219

SECUNIA - 33797

SECUNIA - 33156

SECUNIA - 32838

SECUNIA - 32685

SECUNIA - 32222

SECUNIA - 31904

SECUNIA - 31651

SECUNIA - 31416

SECUNIA - 31404

SECUNIA - 31026

SECUNIA - 30621

REDHAT - RHSA-2008:0967

HP - HPSBUX02465

HP - SSRT090005

SUSE - SUSE-SR:2009:007

SUSE - SUSE-SR:2009:006

APPLE - APPLE-SA-2008-10-09

HP - HPSBUX02365

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

HP - SSRT090192

HP - HPSBUX02401

HP - SSRT080118

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)

Apple 2008-10-09 Security Update 2008-007 Client (Leopard)


Last Updated: 27 May 2016 10:47:28