1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200508-15 / apache |
| Release Date | August 25, 2005 |
| Latest Revision | December 30, 2007: 03 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| www-servers/apache | < 2.0.54-r9 | >= 2.0.54-r9, < 2.0 | All supported architectures |
Related bugreports: #102991
A bug in Apache may allow a remote attacker to perform a Denial of Service attack.
The Apache HTTP Server Project is a featureful, freely-available HTTP (Web) server.
Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts.
A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap space on the server, resulting in a Denial of Service of the Apache server.
There is no known workaround at this time.
All apache users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.54-r9" |