Executive Summary
Summary | |
---|---|
Title | Apache chunk handling vulnerability, update |
Information | |||
---|---|---|---|
Name | DSA-131 | First vendor Publication | 2002-06-19 |
Vendor | Debian | Last vendor Modification | 2002-06-19 |
Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
The DSA-131-1 advisory for the Apache chunk handling vulnerability contained an error and was missing some essential information:

* The upstream fix for the 1.3 series was made in version 1.3.26, not version 1.3.16 as the advisory incorrectly stated.
* The package upgrade does not restart the apache server automatically; this will have to be done manually. Please make sure your configuration is correct ("apachectl configtest" will verify that for you) and restart it using "/etc/init.d/apache restart".

For details on the vulnerability and the updated packages, please see the original advisory or visit the Debian security web pages (available at http://www.debian.org/security/).
Original Source
Url : http://www.debian.org/security/2002/dsa-131 |
SAINT Exploits
Description | Link |
---|---|
Apache chunked encoding buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 131-1 (apache) File : nvt/deb_131_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 132-1 (apache-ssl) File : nvt/deb_132_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
838 | Apache HTTP Server Chunked Encoding Remote Overflow Apache Web Server contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to the mechanism that calculates the size of "chunked" encoding not properly interpreting the buffer size of data being transferred. By sending a specially crafted chunk of data, an attacker can possibly execute arbitrary code or crash the server. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-07-10 | Apache Chunked-Encoding worm attempt RuleID : 31405-community - Revision : 2 - Type : SERVER-APACHE |
2014-11-16 | Apache Chunked-Encoding worm attempt RuleID : 31405 - Revision : 2 - Type : SERVER-APACHE |
2014-01-10 | Apache Chunked-Encoding worm attempt RuleID : 1809-community - Revision : 19 - Type : SERVER-APACHE |
2014-01-10 | Apache Chunked-Encoding worm attempt RuleID : 1809 - Revision : 19 - Type : SERVER-APACHE |
2014-01-10 | apache chunked encoding memory corruption exploit attempt RuleID : 1808-community - Revision : 16 - Type : SERVER-WEBAPP |
2014-01-10 | apache chunked encoding memory corruption exploit attempt RuleID : 1808 - Revision : 16 - Type : SERVER-WEBAPP |
2014-01-10 | Chunked-Encoding transfer with no data attempt RuleID : 1807-community - Revision : 26 - Type : POLICY-OTHER |
2014-01-10 | Chunked-Encoding transfer with no data attempt RuleID : 1807 - Revision : 24 - Type : POLICY-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_32380.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_32423.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33252.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33253.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33256.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33257.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33280.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-131.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-132.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-133.nasl - Type : ACT_GATHER_INFO |
2004-09-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-039.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-126.nasl - Type : ACT_GATHER_INFO |
2002-06-17 | Name : The remote web server is vulnerable to a remote code execution attack. File : apache_chunked_encoding.nasl - Type : ACT_MIXED_ATTACK |
Alert History
Date | Information |
---|---|
2014-02-17 11:26:41 |