ID CVE-2008-2364
Summary The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.0.63
    cpe:2.3:a:apache:http_server:2.0.63
  • Apache Software Foundation Apache HTTP Server 2.2.8
    cpe:2.3:a:apache:http_server:2.2.8
CVSS
Base: 5.0 (as of 16-06-2008 - 09:42)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Web Servers
    NASL id APACHE_2_0_64.NASL
    description According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452) - Several modules, including 'mod_deflate', are vulnerable to a denial of service attack as the server can be forced to utilize CPU time compressing a large file after client disconnect. (CVE-2009-1891) - An unspecified error exists in 'mod_proxy' related to filtration of authentication credentials. (CVE-2009-3095) - A NULL pointer dereference issue exists in 'mod_proxy_ftp' in some error handling paths. (CVE-2009-3094) - An error exists in 'mod_ssl' making the server vulnerable to the TLC renegotiation prefix injection attack. (CVE-2009-3555) - An error exists in the handling of subrequests such that the parent request headers may be corrupted. (CVE-2010-0434) - An error exists in 'mod_proxy_http' when handling excessive interim responses making it vulnerable to a denial of service attack. (CVE-2008-2364) - An error exists in 'mod_isapi' that allows the module to be unloaded too early, which leaves orphaned callback pointers. (CVE-2010-0425) - An error exists in 'mod_proxy_ftp' when wildcards are in an FTP URL, which allows for cross-site scripting attacks. (CVE-2008-2939) Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 50069
    published 2010-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50069
    title Apache 2.0.x < 2.0.64 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-007.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 34374
    published 2008-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34374
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-007)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C84DC9AD41F711DDA4F900163E000016.NASL
    description Apache HTTP server project reports : The following potential security flaws are addressed : - CVE-2008-2364: mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. - CVE-2007-6420: mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33242
    published 2008-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33242
    title FreeBSD : apache -- multiple vulnerabilities (c84dc9ad-41f7-11dd-a4f9-00163e000016)
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_JUL_2013.NASL
    description According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69301
    published 2013-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69301
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0967.NASL
    description Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the 'ProxyRemoteMatch' directive in the Red Hat Enterprise Linux 4 httpd packages. This bug is not present in the Red Hat Enterprise Linux 3 or Red Hat Enterprise Linux 5 packages. Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37062
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37062
    title CentOS 3 / 4 / 5 : httpd (CESA-2008:0967)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-731-1.NASL
    description It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203) It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420) It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678) It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168) It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364) It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 36589
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36589
    title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : apache2 vulnerabilities (USN-731-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20081111_HTTPD_ON_SL3_X.NASL
    description A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the 'ProxyRemoteMatch' directive in the Scientific Linux 4 httpd packages. This bug is not present in the Scientific Linux 3 or Scientific Linux 5 packages.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60493
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60493
    title Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-195.NASL
    description A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses (CVE-2008-2364). A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). The updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37114
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37114
    title Mandriva Linux Security Advisory : apache (MDVSA-2008:195)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-6054.NASL
    description A DoS condition in apache2's mod_proxy has been fixed. CVE-2008-2364 has been assigned to this issue.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 35920
    published 2009-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35920
    title openSUSE 10 Security Update : apache2 (apache2-6054)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6393.NASL
    description This update includes the latest release of httpd 2.2. Two security issues are fixed in this update: A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. In a forward proxy configuration, if a user of the proxy could be tricked into visiting a malicious web server, the proxy could be forced into consuming a large amount of stack or heap memory. This could lead to an eventual process crash due to stack space exhaustion. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. A remote attacker enabling compression in an SSL handshake could cause a memory leak in the server, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 33840
    published 2008-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33840
    title Fedora 9 : httpd-2.2.9-1.fc9 (2008-6393)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6314.NASL
    description This update includes the latest release of httpd 2.2. A security issue is fixed in this update: A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. In a forward proxy configuration, if a user of the proxy could be tricked into visiting a malicious web server, the proxy could be forced into consuming a large amount of stack or heap memory. This could lead to an eventual process crash due to stack space exhaustion. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-05
    plugin id 33839
    published 2008-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33839
    title Fedora 8 : httpd-2.2.9-1.fc8 (2008-6314)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0967.NASL
    description From Red Hat Security Advisory 2008:0967 : Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the 'ProxyRemoteMatch' directive in the Red Hat Enterprise Linux 4 httpd packages. This bug is not present in the Red Hat Enterprise Linux 3 or Red Hat Enterprise Linux 5 packages. Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67760
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67760
    title Oracle Linux 3 / 4 / 5 : httpd (ELSA-2008-0967)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0967.NASL
    description Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the 'ProxyRemoteMatch' directive in the Red Hat Enterprise Linux 4 httpd packages. This bug is not present in the Red Hat Enterprise Linux 3 or Red Hat Enterprise Linux 5 packages. Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34751
    published 2008-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34751
    title RHEL 3 / 4 / 5 : httpd (RHSA-2008:0967)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-6035.NASL
    description A DoS condition in apache2's mod_proxy has been fixed. CVE-2008-2364 has been assigned to this issue.
    last seen 2019-02-21
    modified 2013-07-20
    plugin id 41473
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41473
    title SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6035)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200807-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200807-06 (Apache: Denial of Service) Multiple vulnerabilities have been discovered in Apache: Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678). Ryujiro Shibuya reported that the ap_proxy_http_process_response() function in the mod_proxy module does not limit the number of forwarded interim responses (CVE-2008-2364). sp3x of SecurityReason reported a Cross-Site Request Forgery vulnerability in the balancer-manager in the mod_proxy_balancer module (CVE-2007-6420). Impact : A remote attacker could exploit these vulnerabilities by connecting to an Apache httpd, by causing an Apache proxy server to connect to a malicious server, or by enticing a balancer administrator to connect to a specially crafted URL, resulting in a Denial of Service of the Apache daemon. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 33473
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33473
    title GLSA-200807-06 : Apache: Denial of Service
  • NASL family Web Servers
    NASL id APACHE_2_2_9.NASL
    description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.9. It is, therefore, affected by multiple vulnerabilities : - Improper handling of excessive forwarded interim responses may cause denial of service conditions in mod_proxy_http. (CVE-2008-2364) - A cross-site request forgery vulnerability in the balancer-manager interface of mod_proxy_balancer. (CVE-2007-6420) Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 33477
    published 2008-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33477
    title Apache 2.2.x < 2.2.9 Multiple Vulnerabilities (DoS, XSS)
oval via4
  • accepted 2014-07-14T04:00:10.541-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Apache HTTP Server 2.0.x is installed on the system
      oval oval:org.mitre.oval:def:8605
    • comment Apache HTTP Server 2.2.x is installed on the system
      oval oval:org.mitre.oval:def:8550
    description The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
    family windows
    id oval:org.mitre.oval:def:11713
    status accepted
    submitted 2010-07-27T17:30:00.000-05:00
    title Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
    version 11
  • accepted 2015-04-20T04:02:29.943-04:00
    class vulnerability
    contributors
    • name Michael Wood
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
    family unix
    id oval:org.mitre.oval:def:6084
    status accepted
    submitted 2008-08-28T13:04:06.000-04:00
    title HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
    version 42
  • accepted 2013-04-29T04:20:24.353-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
    family unix
    id oval:org.mitre.oval:def:9577
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
    version 24
redhat via4
advisories
  • rhsa
    id RHSA-2008:0966
  • rhsa
    id RHSA-2008:0967
rpms
  • httpd-0:2.0.46-71.ent
  • httpd-devel-0:2.0.46-71.ent
  • mod_ssl-0:2.0.46-71.ent
  • httpd-0:2.0.52-41.ent.2
  • httpd-devel-0:2.0.52-41.ent.2
  • httpd-manual-0:2.0.52-41.ent.2
  • httpd-suexec-0:2.0.52-41.ent.2
  • mod_ssl-0:2.0.52-41.ent.2
  • httpd-0:2.2.3-11.el5_2.4
  • httpd-devel-0:2.2.3-11.el5_2.4
  • httpd-manual-0:2.2.3-11.el5_2.4
  • mod_ssl-0:2.2.3-11.el5_2.4
refmap via4
aixapar PK67579
apple APPLE-SA-2008-10-09
bid
  • 29653
  • 31681
bugtraq
  • 20080729 rPSA-2008-0236-1 httpd mod_ssl
  • 20081122 rPSA-2008-0328-1 httpd mod_ssl
confirm
fedora
  • FEDORA-2008-6314
  • FEDORA-2008-6393
gentoo GLSA-200807-06
hp
  • HPSBUX02365
  • HPSBUX02401
  • HPSBUX02465
  • SSRT080118
  • SSRT090005
  • SSRT090192
mandriva
  • MDVSA-2008:195
  • MDVSA-2008:237
sectrack 1020267
secunia
  • 30621
  • 31026
  • 31404
  • 31416
  • 31651
  • 31904
  • 32222
  • 32685
  • 32838
  • 33156
  • 33797
  • 34219
  • 34259
  • 34418
sunalert 247666
suse
  • SUSE-SR:2009:006
  • SUSE-SR:2009:007
ubuntu USN-731-1
vupen
  • ADV-2008-1798
  • ADV-2008-2780
  • ADV-2009-0320
xf apache-modproxy-module-dos(42987)
statements via4
  • contributor Mark J Cox
    lastmodified 2008-07-02
    organization Apache
    statement Fixed in Apache HTTP Server 2.2.9. http://httpd.apache.org/security/vulnerabilities_22.html
  • contributor Mark J Cox
    lastmodified 2008-06-26
    organization Red Hat
    statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 17-07-2013 - 11:44
Published 13-06-2008 - 14:41
Last modified 11-10-2018 - 16:40
Back to Top