Apache: Denial of Service Vulnerability

Users of Apache please be advised of a denial of service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

USN-1021-1: [USN-1021-1] Apache – Multiple vulnerabilities
Details follow:

It was discovered that Apache’s mod_cache and mod_dav modules incorrectly

handled requests that lacked a path. A remote attacker could exploit this

with a crafted request and cause a denial of service. This issue affected

Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1452)

It was discovered that Apache did not properly handle memory when

destroying APR buckets. A remote attacker could exploit this with crafted

requests and cause a denial of service via memory exhaustion. This issue

affected Ubuntu 6.06 LTS and 10.10. (CVE-2010-1623)

Read more at http://www.criticalwatch.com

 

Advertisements