Apache.MOD_SSL.Connection.Abort.DoS

Release Date: Sep 11, 2006
Severity: Medium
Impact: Denial of service
Description: This indicates an attack attempt against a denial-of-service vulnerability in the Apache HTTP server SSL module, mod_ssl.

The vulnerability is caused by an error when the vulnerable software handles a specially crafted encrypted communication. It allows a remote attacker to cause an Apache child process to enter an infinite loop.
Affected Products:
Apache HTTP Server 2.0
Apache HTTP Server 2.0.28
Apache HTTP Server 2.0.32
Apache HTTP Server 2.0.35
Apache HTTP Server 2.0.36
Apache HTTP Server 2.0.37
Apache HTTP Server 2.0.38
Apache HTTP Server 2.0.39
Apache HTTP Server 2.0.40
Apache HTTP Server 2.0.41
Apache HTTP Server 2.0.42
Apache HTTP Server 2.0.43
Apache HTTP Server 2.0.44
Apache HTTP Server 2.0.45
Apache HTTP Server 2.0.46
Apache HTTP Server 2.0.47
Apache HTTP Server 2.0.48
Apache HTTP Server 2.0.49
Apache HTTP Server 2.0.50
Recommended Actions: Apply the appropriate patches or upgrade the system to the latest non-vulnerable version:

http://www.apache.org/
Common Vulnerabilities and Exposures (CVE): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0748
Reference/s: http://www.securityfocus.com/bid/11094 (BugTraq)
Reference: VID-12467