Vulnerabilities > CVE-2001-1342 - Unspecified vulnerability in Apache Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-02 |
organization | Apache |
statement | Fixed in Apache HTTP Server 1.3.20: http://httpd.apache.org/security/vulnerabilities_13.html |
References
- http://www.iss.net/security_center/static/6527.php
- http://www.apacheweek.com/issues/01-05-25
- http://bugs.apache.org/index.cgi/full/7522
- http://online.securityfocus.com/archive/1/176144
- http://www.securityfocus.com/bid/2740
- http://marc.info/?l=bugtraq&m=99054258728748&w=2
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E