• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability

Solution:
This issue has been addressed in Apache 2.0.46. Users are advised to upgrade.

Red Hat has released an advisory (RHSA-2003:186-01) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo Linux users who are running net-www/apache-2.x may upgrade to apache-2.0.46 with the following commands:

emerge sync
emerge apache
emerge clean

Yellow Dog Linux has released an advisory containing fixes to address this issue. Users are advised to upgrade as soon as possible.

HP has released advisory HPSBUX0307-269 (rev.1) and fixes to address this issue.

Fixes are available:


RedHat httpd-manual-2.0.40-21.i386.rpm

• Red Hat httpd-manual-2.0.40-21.3.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-manual-2.0.40-21.3.i386.rp m

RedHat httpd-2.0.40-8.i386.rpm

• Red Hat httpd-2.0.40-11.5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-2.0.40-11.5.i386.rpm

RedHat httpd-2.0.40-21.i386.rpm

• Red Hat httpd-2.0.40-21.3.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-2.0.40-21.3.i386.rpm

RedHat httpd-manual-2.0.40-8.i386.rpm

• Red Hat httpd-manual-2.0.40-11.5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-manual-2.0.40-11.5.i386. rpm

RedHat httpd-devel-2.0.40-21.i386.rpm

• Red Hat httpd-devel-2.0.40-21.3.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-devel-2.0.40-21.3.i386.rpm

RedHat httpd-devel-2.0.40-8.i386.rpm

• Red Hat httpd-devel-2.0.40-11.5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-devel-2.0.40-11.5.i386.r pm

RedHat mod_ssl-2.0.40-8.i386.rpm

• Red Hat mod_ssl-2.0.40-11.5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mod_ssl-2.0.40-11.5.i386.rpm

RedHat mod_ssl-2.0.40-21.i386.rpm

• Red Hat mod_ssl-2.0.40-21.3.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mod_ssl-2.0.40-21.3.i386.rpm

HP HP-UX Apache-Based Web Server 1.0 .04.01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0 .05.01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0 .01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0 .03.01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0 .02.01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0.1 .01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

Apache Software Foundation Apache 2.0.40

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/


• Terra Soft Solutions httpd-2.0.40-21.3a.ppc.rpm
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ppc/h ttpd-2.0.40-21.3a.ppc.rpm


• Terra Soft Solutions httpd-devel-2.0.40-21.3a.ppc.rpm
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ppc/h ttpd-devel-2.0.40-21.3a.ppc.rpm


• Terra Soft Solutions httpd-manual-2.0.40-21.3a.ppc.rpm
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ppc/h ttpd-manual-2.0.40-21.3a.ppc.rpm

Apache Software Foundation Apache 2.0.41

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.42

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.43

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.44

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/


• Mandrake apache-conf-2.0.45-2.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache-conf-2.0.45-2.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-common-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-common-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-devel-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-devel-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-manual-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-manual-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_dav-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_dav-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ldap-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ldap-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ssl-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ssl-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-modules-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-modules-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-source-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-source-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libapr0-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libapr0-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php

Apache Software Foundation Apache 2.0.45

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/


• Conectiva apache-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_2cl. i386.rpm


• Conectiva apache-devel-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U9 0_2cl.i386.rpm


• Conectiva apache-doc-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_ 2cl.i386.rpm


• Conectiva apache-htpasswd-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-2879 0U90_2cl.i386.rpm


• Conectiva libapr-devel-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U9 0_2cl.i386.rpm


• Conectiva libapr-devel-static-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45- 28790U90_2cl.i386.rpm


• Conectiva libapr0-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_2cl .i386.rpm


• Conectiva mod_auth_ldap-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U 90_2cl.i386.rpm


• Conectiva mod_dav-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_2cl .i386.rpm