Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability

Solution:
This issue has been addressed in Apache 2.0.46. Users are advised to upgrade.

Red Hat has released an advisory (RHSA-2003:186-01) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo Linux users who are running net-www/apache-2.x may upgrade to apache-2.0.46 with the following commands:

emerge sync
emerge apache
emerge clean

Yellow Dog Linux has released an advisory containing fixes to address this issue. Users are advised to upgrade as soon as possible.

HP has released advisory HPSBUX0307-269 (rev.1) and fixes to address this issue.

Fixes are available:


Redhat httpd-manual-2.0.40-21.i386.rpm

Redhat httpd-2.0.40-8.i386.rpm

Redhat httpd-2.0.40-21.i386.rpm

Redhat httpd-manual-2.0.40-8.i386.rpm

Redhat httpd-devel-2.0.40-21.i386.rpm

Redhat httpd-devel-2.0.40-8.i386.rpm

Redhat mod_ssl-2.0.40-8.i386.rpm

Redhat mod_ssl-2.0.40-21.i386.rpm

HP HP-UX Apache-Based Web Server 1.0 .04.01

HP HP-UX Apache-Based Web Server 1.0 .05.01

HP HP-UX Apache-Based Web Server 1.0 .01

HP HP-UX Apache-Based Web Server 1.0 .03.01

HP HP-UX Apache-Based Web Server 1.0 .02.01

HP HP-UX Apache-Based Web Server 1.0.1 .01

Apache Apache 2.0.40

Apache Apache 2.0.41

Apache Apache 2.0.42

Apache Apache 2.0.43

Apache Apache 2.0.44

Apache Apache 2.0.45


 

Privacy Statement
Copyright 2010, SecurityFocus