Apache.MOD_SSL.Connection.Abort.DoS

Release Date

Sep 11, 2006

Severity

medium

Impact

Denial of service

Description

This indicates an attack attempt against a denial-of-service vulnerability in mod_ssl, the SSL module of the Apache HTTP Server.

The vulnerability is caused by an error in how the vulnerable software handles a specially crafted encrypted communication. It allows a remote attacker to cause an Apache child process to enter an infinite loop.

Affected Products

Apache HTTP Server 2.0
Apache HTTP Server 2.0.28
Apache HTTP Server 2.0.32
Apache HTTP Server 2.0.35
Apache HTTP Server 2.0.36
Apache HTTP Server 2.0.37
Apache HTTP Server 2.0.38
Apache HTTP Server 2.0.39
Apache HTTP Server 2.0.40
Apache HTTP Server 2.0.41
Apache HTTP Server 2.0.42
Apache HTTP Server 2.0.43
Apache HTTP Server 2.0.44
Apache HTTP Server 2.0.45
Apache HTTP Server 2.0.46
Apache HTTP Server 2.0.47
Apache HTTP Server 2.0.48
Apache HTTP Server 2.0.49
Apache HTTP Server 2.0.50

Recommended Actions

Apply the appropriate patches or upgrade the system to the latest non-vulnerable version:

http://www.apache.org/

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2004-0748

Reference/s

http://www.securityfocus.com/bid/11094 (BugTraq)

Reference: VID-12467