Apache2::Request Unspecified Vulnerability

Vulnerability Details

Vulnerability Summary

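An unspecified vulnerability exists in the (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before version 2.07. Remote attackers can cause a denial of service (high CPU consumption) via unknown attack vectors that result in quadratic computational complexity.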

Vulnerability Advisory

The vendor has released upgrade patches that fix this security issue. Patch download links:

Apache Software Foundation libapreq2 2.0.4

Debian libapache2-request-perl_2.04-dev-1sarge1_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_alpha.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_amd64.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_arm.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_hppa.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_i386.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_ia64.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_m68k.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_mips.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_mips.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_mipsel.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_mipsel.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_powerpc.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_s390.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_s390.deb

Debian libapache2-request-perl_2.04-dev-1sarge1_sparc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge1_sparc.deb

Debian libapache2-request-perl_2.04-dev-1sarge2_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_alpha.deb

Debian libapache2-request-perl_2.04-dev-1sarge2_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_amd64.deb

Debian libapache2-request-perl_2.04-dev-1sarge2_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_arm.deb

Debian libapache2-request-perl_2.04-dev-1sarge2_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_hppa.deb

Debian libapache2-request-perl_2.04-dev-1sarge2_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_i386.deb

Debian libapache2-request-perl_2.04-dev-1sarge2_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_ia64.deb

Debian libapache2-request-perl_2.04-dev-1sarge2_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_m68k.deb

Debian libapache2-request-perl_2

References

Source: BID

Name: 16710

Link: http://www.securityfocus.com/bid/16710

Source: VUPEN

Name: ADV-2006-0645

Link: http://www.frsirt.com/english/advisories/2006/0645

Source: DEBIAN

Name: DSA-1000

Link: http://www.debian.org/security/2006/dsa-1000

Source: SECUNIA

Name: 19139

Link: http://secunia.com/advisories/19139

Source: SECUNIA

Name: 18846

Link: http://secunia.com/advisories/18846

Source: svn.apache.org

Link: http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup

Source: XF

Name: libapreq2-parsing-dos(24917)

Link: http://xforce.iss.net/xforce/xfdb/24917

Source: GENTOO

Name: GLSA-200604-08

Link: http://www.gentoo.org/security/en/glsa/glsa-200604-08.xml

Source: SREASON

Name: 737

Link: http://securityreason.com/securityalert/737

Source: SECUNIA

Name: 19658

Link: http://secunia.com/advisories/19658
