Vigil@nce: Apache httpd, denials of service of modules
March 2010 by Vigil@nce
An attacker can generate a denial of service in mod_proxy_ajp and
mod_isapi modules of Apache httpd.
– Severity: 2/4
– Consequences: denial of service
– Provenance: internet client
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 2
– Creation date: 03/03/2010
– Revision date: 08/03/2010
IMPACTED PRODUCTS
– Apache httpd
– Mandriva Corporate
– Mandriva Enterprise Server
– Mandriva Linux
– Slackware Linux
DESCRIPTION OF THE VULNERABILITY
Two denials of service were announced in Apache httpd.
The mod_proxy_ajp module is used with Tomcat. When a client sends a
Content-Length header but no body, the ap_proxy_ajp_request() function
returns the error HTTP_INTERNAL_SERVER_ERROR instead of
HTTP_BAD_REQUEST. A timeout is then started, which creates a denial of
service. [severity:2/4; BID-38491, CVE-2010-0408]
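The mod_proxy_ajp case leaves a trace in the access log: POST or PUT requests to an AJP-proxied path that end in HTTP 500 rather than 400, repeated from one client while a worker sits in its timeout. The following heuristic detector over Apache "combined" log lines is an added example, not code from Vigil@nce or the Apache project; the proxied prefix /app/, the threshold and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Apache "combined" access-log line; the referer/user-agent tail is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

def parse_line(line):
    """Return the parsed fields of one access-log line, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def count_proxied_500s(lines, proxied_prefixes=("/app/",)):
    """Count, per client IP, POST/PUT requests to AJP-proxied paths (assumed
    prefix list) that ended in HTTP 500. Repeated hits from one client match
    the body-less Content-Length pattern of CVE-2010-0408, where httpd answers
    500 instead of 400 and the worker waits out its timeout."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] not in ("POST", "PUT"):
            continue
        if rec["path"].startswith(proxied_prefixes) and rec["status"] == "500":
            hits[rec["ip"]] += 1
    return hits

def flag_clients(lines, threshold=3, **kw):
    """Return the sorted client IPs at or above the hit threshold."""
    counts = count_proxied_500s(lines, **kw)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

# Constructed sample log lines (not from a real server): one client repeatedly
# gets 500s on the proxied path; the other lines are ordinary traffic or noise.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Mar/2010:10:00:01 +0100] "POST /app/login HTTP/1.1" 500 535 "-" "curl/7.19"
203.0.113.7 - - [03/Mar/2010:10:00:02 +0100] "POST /app/login HTTP/1.1" 500 535 "-" "curl/7.19"
198.51.100.4 - - [03/Mar/2010:10:00:03 +0100] "GET /app/index.jsp HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Mar/2010:10:00:04 +0100] "POST /app/login HTTP/1.1" 500 535 "-" "curl/7.19"
198.51.100.4 - - [03/Mar/2010:10:00:05 +0100] "POST /app/login HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.9 - - [03/Mar/2010:10:00:06 +0100] "POST /static/form HTTP/1.1" 500 535 "-" "Mozilla/5.0"
this line is not an access-log record
""".splitlines()

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))  # ['203.0.113.7']
```

A 500 on a proxied POST also has benign causes (backend down, application error), so treat a flagged client as a prompt to check the backend and error log, and as confirmation that the fixed httpd (which answers 400 and starts no timeout) has not yet been deployed.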
The mod_isapi module is used on Windows. When a request is interrupted,
this module is unloaded too early, so an invalid pointer is then used
and the service stops. [severity:2/4; CVE-2010-0425, SOS-10-002]
CHARACTERISTICS
– Identifiers: BID-38491, BID-38494, CVE-2010-0408, CVE-2010-0425,
MDVSA-2010:053, SOS-10-002, SSA:2010-067-01, VIGILANCE-VUL-9487
– Url: http://vigilance.fr/vulnerability/Apache-httpd-denials-of-service-of-of-modules-9487