A bug in Apache may allow a remote attacker to perform a Denial of Service attack.
Package | www-servers/apache on all architectures |
---|---|
Affected versions | < 2.0.54-r9 |
Unaffected versions | >= 2.0.54-r9 < 2.0 |
The Apache HTTP Server Project is a featureful, freely-available HTTP (Web) server.
Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts.
A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap space on the server, resulting in a Denial of Service of the Apache server.
There is no known workaround at this time.
All apache users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.54-r9"
Release date
August 25, 2005
Latest revision
December 30, 2007: 03
Severity
normal
Exploitable
remote
Bugzilla entries