Vulnerabilities > CVE-2005-2728 - Unspecified vulnerability in Apache Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
nessus
Summary
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Vulnerable Configurations
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_34123.NASL description s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. last seen 2020-06-01 modified 2020-06-02 plugin id 21107 published 2006-03-21 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21107 title HP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2) NASL family Fedora Local Security Checks NASL id FEDORA_2005-848.NASL description This update includes two security fixes. An issue was discovered in mod_ssl where last seen 2020-06-01 modified 2020-06-02 plugin id 19727 published 2005-09-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19727 title Fedora Core 3 : httpd-2.0.53-3.3 (2005-848) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-161.NASL description A flaw was discovered in mod_ssl last seen 2020-06-01 modified 2020-06-02 plugin id 19916 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19916 title Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_34163.NASL description s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. last seen 2020-06-01 modified 2020-06-02 plugin id 21108 published 2006-03-21 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21108 title HP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-608.NASL description Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was discovered in mod_ssl last seen 2020-06-01 modified 2020-06-02 plugin id 21845 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21845 title CentOS 3 / 4 : httpd (CESA-2005:608) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-177-1.NASL description Apache did not honour the last seen 2020-06-01 modified 2020-06-02 plugin id 20587 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20587 title Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1) NASL family Fedora Local Security Checks NASL id FEDORA_2005-849.NASL description This update includes two security fixes. An issue was discovered in mod_ssl where last seen 2020-06-01 modified 2020-06-02 plugin id 19728 published 2005-09-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19728 title Fedora Core 4 : httpd-2.0.54-10.2 (2005-849) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. (CVE-2005-1268) - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088) - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700) - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728) - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352) - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. (CVE-2005-3357) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638) - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) - It was discovered that the use of httpd last seen 2020-06-01 modified 2020-06-02 plugin id 127360 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127360 title NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-805.NASL description Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1268 Marc Stern discovered an off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback. When Apache is configured to use a CRL this can be used to cause a denial of service. - CAN-2005-2088 A vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the body of the request. - CAN-2005-2700 A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache that allows remote attackers to bypass access restrictions. - CAN-2005-2728 The byte-range filter in Apache 2.0 allows remote attackers to cause a denial of service via an HTTP header with a large Range field. last seen 2020-06-01 modified 2020-06-02 plugin id 19612 published 2005-09-12 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19612 title Debian DSA-805-1 : apache2 - several vulnerabilities NASL family Web Servers NASL id APACHE_2_0_55.NASL description The remote host appears to be running a version of Apache that is prior to 2.0.55. It is, therefore affected by multiple vulnerabilities : - A security issue exists where last seen 2020-06-01 modified 2020-06-02 plugin id 31656 published 2008-03-26 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31656 title Apache < 2.0.55 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-608.NASL description Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was discovered in mod_ssl last seen 2020-06-01 modified 2020-06-02 plugin id 19673 published 2005-09-12 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19673 title RHEL 3 / 4 : httpd (RHSA-2005:608) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200508-15.NASL description The remote host is affected by the vulnerability described in GLSA-200508-15 (Apache 2.0: Denial of Service vulnerability) Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts. Impact : A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap space on the server, resulting in a Denial of Service of the Apache server. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19535 published 2005-08-30 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19535 title GLSA-200508-15 : Apache 2.0: Denial of Service vulnerability
Oval
accepted 2013-04-29T04:00:24.222-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. family unix id oval:org.mitre.oval:def:10017 status accepted submitted 2010-07-09T03:56:16-04:00 title The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. version 26 accepted 2007-10-02T08:08:08.010-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc.
description The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. family unix id oval:org.mitre.oval:def:1246 status accepted submitted 2006-03-18T07:24:00.000-04:00 title VirusVault CGI Byterange Request DoS version 36 accepted 2007-10-02T08:08:10.608-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc.
description The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. family unix id oval:org.mitre.oval:def:1727 status accepted submitted 2006-03-18T07:24:00.000-04:00 title Webproxy CGI Byterange Request DoS version 36 accepted 2006-01-25T07:30:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. family unix id oval:org.mitre.oval:def:760 status accepted submitted 2005-11-30T12:00:00.000-04:00 title Apache HTTP Byte-range DoS Vulnerability version 36
Redhat
| advisories |
| ||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2008-07-02 |
| organization | Apache |
| statement | Fixed in Apache HTTP Server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html |
References
- http://issues.apache.org/bugzilla/show_bug.cgi?id=29962
- http://www.gentoo.org/security/en/glsa/glsa-200508-15.xml
- http://www.securityfocus.com/bid/14660
- http://secunia.com/advisories/16559/
- http://www.debian.org/security/2005/dsa-805
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:161
- http://www.redhat.com/support/errata/RHSA-2005-608.html
- http://www.novell.com/linux/security/advisories/2005_51_apache2.html
- http://www.ubuntu.com/usn/usn-177-1
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://secunia.com/advisories/16705
- http://secunia.com/advisories/16714
- http://secunia.com/advisories/16743
- http://secunia.com/advisories/16746
- http://secunia.com/advisories/16753
- http://secunia.com/advisories/16754
- http://secunia.com/advisories/16769
- http://secunia.com/advisories/16789
- http://secunia.com/advisories/16956
- http://secunia.com/advisories/17036
- http://secunia.com/advisories/17288
- http://secunia.com/advisories/17600
- http://secunia.com/advisories/17831
- http://secunia.com/advisories/17923
- http://secunia.com/advisories/18161
- http://secunia.com/advisories/18333
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- http://secunia.com/advisories/18517
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
- http://secunia.com/advisories/19072
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://www.novell.com/linux/security/advisories/2005_52_apache2.html
- http://securityreason.com/securityalert/604
- http://www.vupen.com/english/advisories/2006/0789
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A760
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1727
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1246
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10017
- http://www.securityfocus.com/archive/1/428138/100/0/threaded
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E