Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
This issue has been addressed in Apache 2.0.46. Users are advised to upgrade.
Red Hat has released an advisory (RHSA-2003:186-01) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.
Gentoo Linux users who are running net-www/apache-2.x may upgrade to apache-2.0.46 with the following commands:
Yellow Dog Linux has released an advisory containing fixes to address this issue. Users are advised to upgrade as soon as possible.
HP has released advisory HPSBUX0307-269 (rev.1) and fixes to address this issue.
Fixes are available:
HP HP-UX Apache-Based Web Server 1.0 .04.01
HP HP-UX Apache-Based Web Server 1.0 .05.01
HP HP-UX Apache-Based Web Server 1.0 .01
HP HP-UX Apache-Based Web Server 1.0 .03.01
HP HP-UX Apache-Based Web Server 1.0 .02.01
HP HP-UX Apache-Based Web Server 1.0.1 .01
Apache Apache 2.0.40
Apache Apache 2.0.41
Apache Apache 2.0.42
Apache Apache 2.0.43
Apache Apache 2.0.44
Apache Apache 2.0.45