CVE-2002-0843
CVSS7.5
发布时间 :2002-10-11 00:00:00
修订时间 :2016-10-17 22:22:30
NMCOS    

[原文]Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.


[CNNVD]Apache AB.C Web基准Read_Connection()缓冲区溢出漏洞(CNNVD-200210-250)

        Apache 1.3.27之前版本和Apache 2.x 2.0.43之前版本中ApacheBench基准支持程序(ab.c)存在缓冲区溢出漏洞。恶意web服务器可以借助超长回复导致服务拒绝并且可能执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:apache:http_server:1.3.26Apache Software Foundation Apache HTTP Server 1.3.26
cpe:/a:oracle:application_server:1.0.2Oracle Application Server 9i 1.0.2
cpe:/a:apache:http_server:1.3.22Apache Software Foundation Apache HTTP Server 1.3.22
cpe:/a:apache:http_server:1.3.23Apache Software Foundation Apache HTTP Server 1.3.23
cpe:/a:oracle:oracle8i:8.1.7.1.0_enterprise
cpe:/a:apache:http_server:1.3.24Apache Software Foundation Apache HTTP Server 1.3.24
cpe:/a:apache:http_server:1.3.25Apache Software Foundation Apache HTTP Server 1.3.25
cpe:/a:oracle:application_server:1.0.2.1sOracle Application Server 9i 1.0.2.1s
cpe:/a:oracle:application_server:9.0.2:r2Oracle Oracle9i Application Server 9.0.2 r2
cpe:/a:apache:http_server:1.3.19Apache Software Foundation Apache HTTP Server 1.3.19
cpe:/a:oracle:application_server:1.0.2.2Oracle Application Server 9i 1.0.2.2
cpe:/a:oracle:oracle8i:8.1.7.0.0_enterprise
cpe:/a:oracle:database_server:8.1.7Oracle Database Server 8.1.7
cpe:/a:apache:http_server:1.3.9Apache Software Foundation Apache HTTP Server 1.3.9
cpe:/a:oracle:application_server:9.0.2.1Oracle Oracle10g Application Server 9.0.2.1
cpe:/a:apache:http_server:1.3.17Apache Software Foundation Apache HTTP Server 1.3.17
cpe:/a:oracle:oracle8i:8.1.7.1
cpe:/a:apache:http_server:1.3.18Apache Software Foundation Apache HTTP Server 1.3.18
cpe:/a:oracle:database_server:9.2.2Oracle Database Server 9.2.2
cpe:/a:apache:http_server:1.3.11Apache Software Foundation Apache HTTP Server 1.3.11
cpe:/a:apache:http_server:1.3.12Apache Software Foundation Apache HTTP Server 1.3.12
cpe:/a:apache:http_server:1.3.14Apache Software Foundation Apache HTTP Server 1.3.14
cpe:/a:apache:http_server:1.3.6Apache Software Foundation Apache HTTP Server 1.3.6
cpe:/a:apache:http_server:1.3.20Apache Software Foundation Apache HTTP Server 1.3.20
cpe:/a:apache:http_server:1.3.4Apache Software Foundation Apache HTTP Server 1.3.4
cpe:/a:apache:http_server:1.3.3Apache Software Foundation Apache HTTP Server 1.3.3
cpe:/a:oracle:application_server:9.0.2Oracle Application Server 9i 9.0.2
cpe:/a:oracle:oracle8i:8.1.7
cpe:/a:apache:http_server:1.3Apache Software Foundation Apache HTTP Server 1.3
cpe:/a:apache:http_server:1.3.1Apache Software Foundation Apache HTTP Server 1.3.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0843
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-250
(官方数据源) CNNVD

- 其它链接及资源

ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
(UNKNOWN)  SGI  20021105-01-I
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
(UNKNOWN)  BUGTRAQ  20021016 Apache 1.3.26
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
(UNKNOWN)  BUGTRAQ  20021017 TSLSA-2002-0069-apache
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
(UNKNOWN)  CONECTIVA  CLA-2002:530
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
(UNKNOWN)  CONECTIVA  CLSA-2002:530
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
(UNKNOWN)  CONFIRM  http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
http://marc.info/?l=bugtraq&m=103376585508776&w=2
(UNKNOWN)  BUGTRAQ  20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
http://online.securityfocus.com/advisories/4617
(UNKNOWN)  HP  HPSBUX0210-224
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
(UNKNOWN)  AIXAPAR  IY87070
http://www.apacheweek.com/issues/02-10-04
(VENDOR_ADVISORY)  CONFIRM  http://www.apacheweek.com/issues/02-10-04
http://www.debian.org/security/2002/dsa-187
(UNKNOWN)  DEBIAN  DSA-187
http://www.debian.org/security/2002/dsa-188
(UNKNOWN)  DEBIAN  DSA-188
http://www.debian.org/security/2002/dsa-195
(UNKNOWN)  DEBIAN  DSA-195
http://www.iss.net/security_center/static/10281.php
(UNKNOWN)  XF  apache-apachebench-response-bo(10281)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:068
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
(UNKNOWN)  ENGARDE  ESA-20021007-024
http://www.securityfocus.com/bid/5887
(UNKNOWN)  BID  5887
http://www.securityfocus.com/bid/5995
(UNKNOWN)  BID  5995
http://www.securityfocus.com/bid/5996
(UNKNOWN)  BID  5996
http://www.vupen.com/english/advisories/2006/3263
(UNKNOWN)  VUPEN  ADV-2006-3263
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
(UNKNOWN)  CONFIRM  http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871

- 漏洞信息

Apache AB.C Web基准Read_Connection()缓冲区溢出漏洞
高危 缓冲区溢出
2002-10-11 00:00:00 2005-10-20 00:00:00
远程  
        Apache 1.3.27之前版本和Apache 2.x 2.0.43之前版本中ApacheBench基准支持程序(ab.c)存在缓冲区溢出漏洞。恶意web服务器可以借助超长回复导致服务拒绝并且可能执行任意代码。

- 公告与补丁

        Please see the references for vendor advisories and fixes.
        This issue has been addressed in Apache 1.3.27.
        Sun Cobalt RaQ 4
        
        Sun Cobalt RaQ XTR
        
        Sun Cobalt RaQ 550
        
        Sun Cobalt Qube 3
        
        Apache Software Foundation Apache 1.3.19
        
        Apache Software Foundation Apache 1.3.20
        
        Apache Software Foundation Apache 1.3.22
        

- 漏洞信息

4553
Apache HTTP Server ApacheBench Overflow DoS
Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Vendor Verified

- 漏洞描述

- 时间线

2002-12-12 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
Boundary Condition Error 5996
Yes No
2002-10-03 12:00:00 2006-08-11 10:05:00
Discovery of this issue is credited to David Wagner <daw@cs.berkeley.edu>.

- 受影响的程序版本

Sun Cobalt RaQ XTR
Sun Cobalt RaQ 550
Sun Cobalt RaQ 4
Sun Cobalt Qube 3
Stonesoft StoneBeat High Availability 9.0.2 release 2
Oracle Oracle9i Standard Edition 9.2 .2
Oracle Oracle9i Standard Edition 9.2 .0.2
Oracle Oracle9i Application Server Reports 9.0.2 .1
Oracle Oracle9i Application Server Reports 9.0.2
Oracle Oracle9i Application Server 9.0.2
Oracle Oracle9i Application Server 1.0.2 .2
Oracle Oracle9i Application Server 1.0.2 .1s
Oracle Oracle9i Application Server 1.0.2
Oracle Oracle8i Standard Edition 8.1.7 .1
Oracle Oracle8i Standard Edition 8.1.7
Oracle Oracle8 8.1.7
- Microsoft Windows 2000 Professional
IBM HTTP Server 1.3.19
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- RedHat Linux 7.1
- S.u.S.E. Linux 7.1
- Sun Solaris 7.0
- Sun Solaris 2.6
IBM Hardware Management Console (HMC) 3.3.7
HP VirtualVault 4.6
- HP HP-UX 11.0 4
HP VirtualVault 4.5
- HP HP-UX 11.0 4
HP OpenView Network Node Manager 6.2 Solaris
- Sun Solaris 2.5.1
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
HP OpenView Network Node Manager 6.2 HP-UX 11.X
- HP HP-UX 11.11
- HP HP-UX 11.0
HP OpenView Network Node Manager 6.2 HP-UX 10.X
- HP HP-UX 10.20
HP HP-UX 11.22
HP HP-UX 11.20
HP HP-UX 11.11
HP HP-UX 11.0
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
+ OpenBSD OpenBSD 3.1
+ Oracle Oracle HTTP Server 9.2 .0
+ Oracle Oracle HTTP Server 9.0.1
+ Oracle Oracle9i Application Server 9.0.2
+ Oracle Oracle9i Application Server 1.0.2 .2
+ Oracle Oracle9i Application Server 1.0.2 .1s
+ Oracle Oracle9i Application Server 1.0.2
+ Slackware Linux 8.1
+ Unisphere Networks SDX-300 2.0.3
Apache Software Foundation Apache 1.3.23
- IBM AIX 4.3
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.22
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.0
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
Apache Software Foundation Apache 1.3.20
- HP HP-UX 11.22
- HP HP-UX 11.20
+ MandrakeSoft Single Network Firewall 7.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ SGI IRIX 6.5.18
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.14
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.13
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.12
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
+ Sun Solaris 9_x86 Update 2
+ Sun Solaris 9_x86
+ Sun Solaris 9
+ Sun SunOS 5.9 _x86
+ Sun SunOS 5.9
Apache Software Foundation Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.20
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
+ Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 3.0
- Red Hat Linux 6.2
- RedHat Linux 7.1
- RedHat Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- SGI IRIX 6.5.8
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ S.u.S.E. Linux 7.1
Apache Software Foundation Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
- MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Software Foundation Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0
+ Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
+ Sun SunOS 5.8 _x86
+ Sun SunOS 5.8
Apache Software Foundation Apache 1.3.6
+ Sun Cobalt ManageRaQ3 3000R-mr
+ Sun Cobalt RaQ3 3000R
+ Sun Cobalt Velociraptor
Apache Software Foundation Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
HP OpenView Network Node Manager 5.0.2 Windows NT 3.51/4.0
HP OpenView Network Node Manager 5.0 1 Solaris
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
- Sun Solaris 2.4
HP OpenView Network Node Manager 5.0 1 HP-UX
- HP HP-UX 10.34
- HP HP-UX 10.30
- HP HP-UX 10.20
- HP HP-UX 10.16
- HP HP-UX 10.10
- HP HP-UX 10.9
- HP HP-UX 10.8
- HP HP-UX 10.1 0
- HP HP-UX 10.0 1
- HP HP-UX 10.0
- HP HP-UX (VVOS) 10.24
HP OpenView Network Node Manager 5.0 1
- HP HP-UX 11.0
- HP HP-UX 10.20
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19

- 不受影响的程序版本

HP OpenView Network Node Manager 5.0.2 Windows NT 3.51/4.0
HP OpenView Network Node Manager 5.0 1 Solaris
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
- Sun Solaris 2.4
HP OpenView Network Node Manager 5.0 1 HP-UX
- HP HP-UX 10.34
- HP HP-UX 10.30
- HP HP-UX 10.20
- HP HP-UX 10.16
- HP HP-UX 10.10
- HP HP-UX 10.9
- HP HP-UX 10.8
- HP HP-UX 10.1 0
- HP HP-UX 10.0 1
- HP HP-UX 10.0
- HP HP-UX (VVOS) 10.24
HP OpenView Network Node Manager 5.0 1
- HP HP-UX 11.0
- HP HP-UX 10.20
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19

- 漏洞讨论

A buffer-overflow condition has been reported in the ab.c web-benchmarking utility provided with Apache webserver.

A malicious attacker may be able to exploit this overflow condition. The vulnerability is the result of improper bounds-checking when processing command-line options to 'ab'.

Since the program is not setuid, this vulnerability does not have a local impact. However, this may be an issue if the program is called from a CGI script. An attacker may be able to supply malformed command-line parameters to the program and cause the overflow to occur.

NOTE: This vulnerability was originally discussed in BugTraq ID 5887. It is now being assigned an individual BID.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Please see the references for vendor advisories and fixes.

This issue has been addressed in Apache 1.3.27.


Sun Cobalt RaQ 4

Sun Cobalt RaQ XTR

Sun Cobalt RaQ 550

Sun Cobalt Qube 3

Apache Software Foundation Apache 1.3.19

Apache Software Foundation Apache 1.3.20

Apache Software Foundation Apache 1.3.22

Apache Software Foundation Apache 1.3.23

Apache Software Foundation Apache 1.3.24

Apache Software Foundation Apache 1.3.25

Apache Software Foundation Apache 1.3.26

Apache Software Foundation Apache 1.3.9

HP HP-UX 11.0

HP HP-UX 11.11

HP HP-UX 11.20

HP HP-UX 11.22

IBM Hardware Management Console (HMC) 3.3.7

HP VirtualVault 4.5

HP VirtualVault 4.6

HP OpenView Network Node Manager 6.2 Solaris

HP OpenView Network Node Manager 6.2 HP-UX 11.X

HP OpenView Network Node Manager 6.2 HP-UX 10.X

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站