Vulnerabilities > CVE-2003-0132 - Missing Release of Resource after Effective Lifetime vulnerability in Apache Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- HTTP DoS An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.
Exploit-Db
description Apache HTTP Server 2.x Memory Leak Exploit. CVE-2003-0132. Dos exploit for windows platform id EDB-ID:9 last seen 2016-01-31 modified 2003-04-09 published 2003-04-09 reporter Matthew Murphy source https://www.exploit-db.com/download/9/ title Apache HTTP Server 2.x Memory Leak Exploit description Apache <= 2.0.44 Linux Remote Denial of Service Exploit. CVE-2003-0132. Dos exploit for linux platform id EDB-ID:11 last seen 2016-01-31 modified 2003-04-11 published 2003-04-11 reporter Daniel Nystram source https://www.exploit-db.com/download/11/ title Apache <= 2.0.44 Linux - Remote Denial of Service Exploit
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-050.NASL description A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart last seen 2020-06-01 modified 2020-06-02 plugin id 14034 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14034 title Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:050. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14034); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2003-0020", "CVE-2003-0083", "CVE-2003-0132"); script_xref(name:"MDKSA", value:"2003:050"); script_name(english:"Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_dav"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2003/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-2.0.45-4.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-common-2.0.45-4.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-devel-2.0.45-4.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-manual-2.0.45-4.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_dav-2.0.45-4.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ldap-2.0.45-4.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ssl-2.0.45-4.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-modules-2.0.45-4.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-source-2.0.45-4.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libapr0-2.0.45-4.2mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Web Servers NASL id APACHE_2_0_45.NASL description The remote host is running a version of Apache 2.0.x that is prior to 2.0.45. It is, therefore, reportedly affected by multiple vulnerabilities : - There is a denial of service attack that could allow an attacker to disable this server remotely. - The httpd process leaks file descriptors to child processes, such as CGI scripts. An attacker who has the ability to execute arbitrary CGI scripts on this server (including PHP code) would be able to write arbitrary data in the file pointed to (in particular, the log files). last seen 2020-06-01 modified 2020-06-02 plugin id 11507 published 2003-04-03 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11507 title Apache 2.0.x < 2.0.45 Multiple Vulnerabilities (DoS, File Write)
Oval
accepted | 2010-09-20T04:00:14.769-04:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
description | A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. | ||||||||||||||||
family | unix | ||||||||||||||||
id | oval:org.mitre.oval:def:156 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2003-08-17T12:00:00.000-04:00 | ||||||||||||||||
title | Apache Linefeed Allocation Vulnerability | ||||||||||||||||
version | 41 |
Redhat
advisories |
|
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-02 |
organization | Apache |
statement | Fixed in Apache HTTP Server 2.0.45: http://httpd.apache.org/security/vulnerabilities_20.html |
References
- http://www.idefense.com/advisory/04.08.03.txt
- http://www.redhat.com/support/errata/RHSA-2003-139.html
- http://lists.apple.com/mhonarc/security-announce/msg00028.html
- http://www.kb.cert.org/vuls/id/206537
- http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147
- http://secunia.com/advisories/8499
- http://secunia.com/advisories/34920
- http://www.vupen.com/english/advisories/2009/1233
- http://marc.info/?l=bugtraq&m=105013378320711&w=2
- http://marc.info/?l=bugtraq&m=104994309010974&w=2
- http://marc.info/?l=bugtraq&m=105001663120995&w=2
- http://marc.info/?l=bugtraq&m=104931360606484&w=2
- http://marc.info/?l=bugtraq&m=104982175321731&w=2
- http://marc.info/?l=bugtraq&m=104994239010517&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A156
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E