Vulnerabilities > CVE-2003-0132 - Missing Release of Resource after Effective Lifetime vulnerability in Apache Http Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
CWE-772
nessus
exploit available
NVD
Published: 2003-04-11
Updated: 2023-11-07

Summary

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

Vulnerable Configurations

Part Description Count
Application
Apache
48

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • HTTP DoS
    An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Exploit-Db

  • descriptionApache HTTP Server 2.x Memory Leak Exploit. CVE-2003-0132. Dos exploit for windows platform
    idEDB-ID:9
    last seen2016-01-31
    modified2003-04-09
    published2003-04-09
    reporterMatthew Murphy
    sourcehttps://www.exploit-db.com/download/9/
    titleApache HTTP Server 2.x Memory Leak Exploit
  • descriptionApache <= 2.0.44 Linux Remote Denial of Service Exploit. CVE-2003-0132. Dos exploit for linux platform
    idEDB-ID:11
    last seen2016-01-31
    modified2003-04-11
    published2003-04-11
    reporterDaniel Nystram
    sourcehttps://www.exploit-db.com/download/11/
    titleApache <= 2.0.44 Linux - Remote Denial of Service Exploit

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-050.NASL
    descriptionA memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart
    last seen2020-06-01
    modified2020-06-02
    plugin id14034
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14034
    titleMandrake Linux Security Advisory : apache2 (MDKSA-2003:050)
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:050. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(14034);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2003-0020", "CVE-2003-0083", "CVE-2003-0132");
  script_xref(name:"MDKSA", value:"2003:050");

  script_name(english:"Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A memory leak was discovered in Apache 2.0 through 2.0.44 that can
allow a remote attacker to cause a significant denial of service (DoS)
by sending requests containing a lot of linefeed characters to the
server.

As well, Apache does not filter terminal escape sequences from its log
files, which could make it easy for an attacker to insert those
sequences into the error and access logs, which could possibly be
viewed by certain terminal emulators with vulnerabilities related to
escape sequences.

After upgrading these packages, be sure to restart the httpd server by
executing :

service httpd restart"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_dav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-common-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-devel-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-manual-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_dav-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ldap-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ssl-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-modules-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-source-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libapr0-2.0.45-4.2mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyWeb Servers
    NASL idAPACHE_2_0_45.NASL
    descriptionThe remote host is running a version of Apache 2.0.x that is prior to 2.0.45. It is, therefore, reportedly affected by multiple vulnerabilities : - There is a denial of service attack that could allow an attacker to disable this server remotely. - The httpd process leaks file descriptors to child processes, such as CGI scripts. An attacker who has the ability to execute arbitrary CGI scripts on this server (including PHP code) would be able to write arbitrary data in the file pointed to (in particular, the log files).
    last seen2020-06-01
    modified2020-06-02
    plugin id11507
    published2003-04-03
    reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11507
    titleApache 2.0.x < 2.0.45 Multiple Vulnerabilities (DoS, File Write)

Oval

accepted2010-09-20T04:00:14.769-04:00
classvulnerability
contributors
  • nameJay Beale
    organizationBastille Linux
  • nameJay Beale
    organizationBastille Linux
  • nameThomas R. Jones
    organizationMaitreya Security
  • nameJonathan Baker
    organizationThe MITRE Corporation
descriptionA memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
familyunix
idoval:org.mitre.oval:def:156
statusaccepted
submitted2003-08-17T12:00:00.000-04:00
titleApache Linefeed Allocation Vulnerability
version41

Redhat

advisories
rhsa
idRHSA-2003:139

Statements

contributorMark J Cox
lastmodified2008-07-02
organizationApache
statementFixed in Apache HTTP Server 2.0.45: http://httpd.apache.org/security/vulnerabilities_20.html

References