FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2364

This CVE name corresponds to:

Entered Topic
2008-06-24 apache -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-2364 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-2364
Phase Assigned(20080521)

Description

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

References

Source Reference
BUGTRAQ 20080729 rPSA-2008-0236-1 httpd mod_ssl
BUGTRAQ 20081122 rPSA-2008-0328-1 httpd mod_ssl
CONFIRM http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27008517
CONFIRM http://support.apple.com/kb/HT3216
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
AIXAPAR PK67579
APPLE APPLE-SA-2008-10-09
FEDORA FEDORA-2008-6314
FEDORA FEDORA-2008-6393
GENTOO GLSA-200807-06
HP HPSBUX02365
HP SSRT080118
HP HPSBUX02401
HP SSRT090005
HP HPSBUX02465
HP SSRT090192
MANDRIVA MDVSA-2008:195
MANDRIVA MDVSA-2008:237
REDHAT RHSA-2008:0967
REDHAT RHSA-2008:0966
SUNALERT 247666
SUSE SUSE-SR:2009:006
SUSE SUSE-SR:2009:007
UBUNTU USN-731-1
BID 29653
BID 31681
OVAL oval:org.mitre.oval:def:6084
OVAL oval:org.mitre.oval:def:11713
OVAL oval:org.mitre.oval:def:9577
SECUNIA 34259
SECUNIA 34219
SECUNIA 34418
VUPEN ADV-2008-1798
VUPEN ADV-2008-2780
VUPEN ADV-2009-0320
SECTRACK 1020267
SECUNIA 30621
SECUNIA 31026
SECUNIA 31404
SECUNIA 31416
SECUNIA 31651
SECUNIA 31904
SECUNIA 32222
SECUNIA 32685
SECUNIA 33156
SECUNIA 33797
SECUNIA 32838
XF apache-modproxy-module-dos(42987)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.