|
Abstract |
PQ89899 resolves a security exposure for configurations
using mod_proxy in IBM® HTTP Server V1.3.26 and V1.3.28, as described in
CAN-2004-0492. |
|
Content |
A security issue has been reported in mod_proxy that
impacts IBM HTTP Server V1.3.26 and V1.3 28 when mod_proxy is enabled and
configured.
IBM HTTP Server V2.0 and IBM HTTP Server V1.3.19.* are NOT affected.
The mod_proxy module is not enabled by default at IBM HTTP Server
install time. To determine if you are using mod_proxy you can review your
httpd.conf file.
The security issue is a buffer overflow which can be triggered by getting
mod_proxy to connect to a remote server which returns an invalid
(negative) Content-Length. This results in a memcpy to the heap with a
large length value, which will in most cases cause the IBM HTTP Server
child to crash. This does not represent a significant Denial of Service
attack as requests will continue to be handled by other IBM HTTP Server
child processes.
Configurations that load mod_proxy to proxy HTTP requests to arbitrary
Web sites are at most risk. This attack relies on an origin server
crafting a reply designed specifically to attack the proxy server. Under
some circumstances it may be possible to exploit this issue to cause
arbitrary code execution. Those that use mod_proxy in a 'reverse proxy'
configuration have control over the origin servers to which mod_proxy is
allowed to connect, so the risk of exposure in that configuration is
significantly reduced. |
|
|