PQ90698: Potential denial of service exposure, CAN-2004-0493
Abstract
Potential denial of service exposure through memory
exhaustion and buffer overflow for all current versions of IBM® HTTP
Server based on Apache HTTP Server Version 2.0.
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote
attackers to cause a denial of service (memory exhaustion) and possibly to
trigger an integer signedness error that leads to a heap-based buffer
overflow on 64-bit systems, when using specific types of header lines
and/or specific types of characters in the header lines.
SOLUTIONS:
This CAN-2004-0493 exposure, for all affected versions of IBM HTTP Server,
is resolved with this interim fix for APAR PQ90698.
Complete list of changes in this interim fix:
CAN-2004-0493 remote memory allocation vulnerability
rotatelogs ability to use local time
<VirtualHost myhost> now applies to all IP addresses for myhost
Fix mod_deflate to handle zero length responses (such as 304 response codes)
PQ89510 PDF files corrupted with Acrobat over SSL (Microsoft® Windows®)
Unnecessary mod_expires error message in log
Microsoft Windows pool corruption at startup leading to restart problems
Some random storage logged for excessively long request line
Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > Base Server
Operating system(s): Windows XP
Software version: 2.0.47.1
Software edition:
Reference #: 4007451
IBM Group: Software Group
Modified date: Sep 30, 2005
(C) Copyright IBM Corporation 2000, 2009. All Rights
Reserved.