Apache 安全漏洞

漏洞信息详情

Apache 安全漏洞

• CNNVD编号：CNNVD-200409-043
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0809
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2004-09-16
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2021-03-31
  
• 厂        商：
  
  turbolinux
• 漏洞来源：
  Julian Reschke※ ju…

Apache HTTP Server是美国阿帕奇（Apache）软件基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。Apache Web Server的\’\’mod_dav\’\’模块在处理LOCK命令时存在问题，远程攻击者可以利用这个漏洞对服务程序拒绝服务攻击。当Apache配置使用\’\’mod_dav\’\’模块时，接收到验证用户一特殊序列的LOCK命令时会导致Apache进程崩溃。如果Apache配置使用线程进程模型，攻击者可以完全使Apache崩溃，如果配置成使用多进程方式，攻击者可以使独立的WEB服务进程崩溃。

厂商补丁：

RedHat

——

RedHat已经为此发布了一个安全公告(RHSA-2004:463-01)以及相应补丁:

RHSA-2004:463-01：Updated httpd packages fix security issues

链接：
http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1390.1” target=”_blank”>

http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1390.1

补丁下载：

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm

118b25881f9cc755586a3430495c84be httpd-2.0.46-40.ent.src.rpm

i386:

d0997b36caf1390e26ab722ff69ae574 httpd-2.0.46-40.ent.i386.rpm

47d37e2130e1e70d3c6183228a4e26da httpd-devel-2.0.46-40.ent.i386.rpm

31444c51fd279bb9eaeb7dd1a1e3682e mod_ssl-2.0.46-40.ent.i386.rpm

ia64:

003b65f1afe4338b0ca0a8f943e04cdc httpd-2.0.46-40.ent.ia64.rpm

5173c129ff5c7e6f6bda97e062d5d24e httpd-devel-2.0.46-40.ent.ia64.rpm

8f0189f714f484683c9cdcbda9246db1 mod_ssl-2.0.46-40.ent.ia64.rpm

ppc:

ba15fb395941153af8a1948e815a7766 httpd-2.0.46-40.ent.ppc.rpm

2c0fea7d2609184e9c83f217467d6604 httpd-devel-2.0.46-40.ent.ppc.rpm

47af970958b311d847c371f613598860 mod_ssl-2.0.46-40.ent.ppc.rpm

s390:

665d880863e1b6d42b781c4bdf669dbc httpd-2.0.46-40.ent.s390.rpm

fb62b8c10de648d5bcc47e02283e08e2 httpd-devel-2.0.46-40.ent.s390.rpm

b76e2e9b285be2a504d2bbf0891d8d61 mod_ssl-2.0.46-40.ent.s390.rpm

s390x:

7b4e52ec167fcdc9a28ee182665cafb6 httpd-2.0.46-40.ent.s390x.rpm

5f22b40c3cc27953d3395c2ba7a025dd httpd-devel-2.0.46-40.ent.s390x.rpm

499cd6bba360fba292653ec177804487 mod_ssl-2.0.46-40.ent.s390x.rpm

x86_64:

571a7b24d4db094924f85f1941864acb httpd-2.0.46-40.ent.x86_64.rpm

8ea0c717fcfc72fbf1c0c9b63feaddd8 httpd-devel-2.0.46-40.ent.x86_64.rpm

18beb0b00ff24f5e4065cbb3f96e041d mod_ssl-2.0.46-40.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm

118b25881f9cc755586a3430495c84be httpd-2.0.46-40.ent.src.rpm

i386:

d0997b36caf1390e26ab722ff69ae574 httpd-2.0.46-40.ent.i386.rpm

47d37e2130e1e70d3c6183228a4e26da httpd-devel-2.0.46-40.ent.i386.rpm

31444c51fd279bb9eaeb7dd1a1e3682e mod_ssl-2.0.46-40.ent.i386.rpm

x86_64:

571a7b24d4db094924f85f1941864acb httpd-2.0.46-40.ent.x86_64.rpm

8ea0c717fcfc72fbf1c0c9b63feaddd8 httpd-devel-2.0.46-40.ent.x86_64.rpm

18beb0b00ff24f5e4065cbb3f96e041d mod_ssl-2.0.46-40.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm

118b25881f9cc755586a3430495c84be httpd-2.0.46-40.ent.src.rpm

i386:

d0997b36caf1390e26ab722ff69ae574 httpd-2.0.46-40.ent.i386.rpm

47d37e2130e1e70d3c6183228a4e26da httpd-devel-2.0.46-40.ent.i386.rpm

31444c51fd279bb9eaeb7dd1a1e3682e mod_ssl-2.0.46-40.ent.i386.rpm

ia64:

003b65f1afe4338b0ca0a8f943e04cdc httpd-2.0.46-40.ent.ia64.rpm

5173c129ff5c7e6f6bda97e062d5d24e httpd-devel-2.0.46-40.ent.ia64.rpm

8f0189f714f484683c9cdcbda9246db1 mod_ssl-2.0.46-40.ent.ia64.rpm

x86_64:

571a7b24d4db094924f85f1941864acb httpd-2.0.46-40.ent.x86_64.rpm

8ea0c717fcfc72fbf1c0c9b63feaddd8 httpd-devel-2.0.46-40.ent.x86_64.rpm

18beb0b00ff24f5e4065cbb3f96e041d mod_ssl-2.0.46-40.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm

118b25881f9cc755586a3430495c84be httpd-2.0.46-40.ent.src.rpm

i386:

d0997b36caf1390e26ab722ff69ae574 httpd-2.0.46-40.ent.i386.rpm

47d37e2130e1e70d3c6183228a4e26da httpd-devel-2.0.46-40.ent.i386.rpm

31444c51fd279bb9eaeb7dd1a1e3682e mod_ssl-2.0.46-40.ent.i386.rpm

ia64:

003b65f1afe4338b0ca0a8f943e04cdc httpd-2.0.46-40.ent.ia64.rpm

5173c129ff5c7e6f6bda97e062d5d24e httpd-devel-2.0.46-40.ent.ia64.rpm

8f0189f714f484683c9cdcbda9246db1 mod_ssl-2.0.46-40.ent.ia64.rpm

x86_64:

571a7b24d4db094924f85f1941864acb httpd-2.0.46-40.ent.x86_64.rpm

8ea0c717fcfc72fbf1c0c9b63feaddd8 httpd-devel-2.0.46-40.ent.x86_64.rpm

18beb0b00ff24f5e4065cbb3f96e041d mod_ssl-2.0.46-40.ent.x86_64.rpm

Apache Software Foundation

————————–

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

Apache Software Foundation Apache 2.0.50:

Apache Software Foundation Upgrade httpd-2.0.51.tar.gz

http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz” target=”_blank”>

http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Gentoo

——

Gentoo已经为此发布了一个安全公告(GLSA-200409-21)以及相应补丁:

GLSA-200409-21：Apache 2, mod_dav: Multiple vulnerabilities

链接：
http://security.gentoo.org/glsa/glsa-200409-21.xml” target=”_blank”>

http://security.gentoo.org/glsa/glsa-200409-21.xml

emerge sync

emerge -pv “>=net-www/apache-2.0.51”

emerge “>=net-www/apache-2.0.51”

emerge -pv “>=net-www/mod_dav-1.0.3-r2”

emerge “>=net-www/mod_dav-1.0.3-r2”

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/17366

来源:httpd.apache.org%3E

链接:httpd.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2004-463.html

来源:MANDRAKE

链接:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096

来源:MLIST

链接:https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.

来源:DEBIAN

链接:https://www.debian.org/security/2004/dsa-558

来源:httpd-2.0

链接:httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33

来源:CONFIRM

链接:http://cvs.apache.org/viewcvs.cgi/

来源:TRUSTIX

链接:http://www.trustix.org/errata/2004/0047/

来源:MLIST

链接:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9588

来源:GENTOO

链接:http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml

来源:MLIST

链接:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.