CVE-2008-2364

Published Jun 13, 2008

Last updated 2 years ago

Overview

Description: The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-770

Vendor comments

ApacheFixed in Apache HTTP Server 2.2.9. http://httpd.apache.org/security/vulnerabilities_22.html
Red HatRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "838655CB-43E7-4BDA-A80C-2314C9870717",
            "versionEndExcluding": "2.0.64",
            "versionStartIncluding": "2.0.35"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34357005-C9AF-472E-8189-60713E340DF7",
            "versionEndExcluding": "2.2.9",
            "versionStartIncluding": "2.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1CA1D49-76E7-4195-98AF-BE916040ECC3"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4814716C-514C-40F7-A59B-ED61F14658DA"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "397313C3-6BF5-4A87-90B3-55678E807171"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2FE6DAA-4702-409A-98B6-DE13B12805A1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Vendor comments

Configurations

References