Executive Summary
Summary | |
---|---|
Title | apache-perl chunk handling vulnerability |
Information | |||
---|---|---|---|
Name | DSA-133 | First vendor Publication | 2002-06-20 |
Vendor | Debian | Last vendor Modification | 2002-06-20 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem, the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution. This has been fixed in version 1.3.9-14.1-1.21.20000309-1 of the Debian apache-perl package and we recommend that you upgrade your apache-perl package immediately. An update for the soon to be released Debian GNU/Linux 3.0/woody distribution will be available soon. Debian 2.2 (stable) |
Original Source
Url : http://www.debian.org/security/2002/dsa-133 |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Apache chunked encoding buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 131-1 (apache) File : nvt/deb_131_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 132-1 (apache-ssl) File : nvt/deb_132_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
838 | Apache HTTP Server Chunked Encoding Remote Overflow Apache Web Server contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to the mechanism that calculates the size of "chunked" encoding not properly interpreting the buffer size of data being transferred. By sending a specially crafted chunk of data, an attacker can possibly execute arbitrary code or crash the server. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-07-10 | Apache Chunked-Encoding worm attempt RuleID : 31405-community - Revision : 2 - Type : SERVER-APACHE |
2014-11-16 | Apache Chunked-Encoding worm attempt RuleID : 31405 - Revision : 2 - Type : SERVER-APACHE |
2014-01-10 | Apache Chunked-Encoding worm attempt RuleID : 1809-community - Revision : 19 - Type : SERVER-APACHE |
2014-01-10 | Apache Chunked-Encoding worm attempt RuleID : 1809 - Revision : 19 - Type : SERVER-APACHE |
2014-01-10 | apache chunked encoding memory corruption exploit attempt RuleID : 1808-community - Revision : 16 - Type : SERVER-WEBAPP |
2014-01-10 | apache chunked encoding memory corruption exploit attempt RuleID : 1808 - Revision : 16 - Type : SERVER-WEBAPP |
2014-01-10 | Chunked-Encoding transfer with no data attempt RuleID : 1807-community - Revision : 26 - Type : POLICY-OTHER |
2014-01-10 | Chunked-Encoding transfer with no data attempt RuleID : 1807 - Revision : 24 - Type : POLICY-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_32380.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_32423.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33252.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33253.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33256.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33257.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33280.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-131.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-132.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-133.nasl - Type : ACT_GATHER_INFO |
2004-09-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-039.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-126.nasl - Type : ACT_GATHER_INFO |
2002-06-17 | Name : The remote web server is vulnerable to a remote code execution attack. File : apache_chunked_encoding.nasl - Type : ACT_MIXED_ATTACK |
Alert History
Date | Information |
---|---|
2014-02-17 11:26:45 |
|