- Buffer overflow in Apache 1.3.x prior to 1.3.26
- Also affects 2.x prior to 2.0.39
- Originally claimed not to be exploitable on x86, but a working exploit -- and a worm that attacks Apache on FreeBSD -- soon appeared
- If you're using 1.3, upgrading to 1.3.26 works. However, when a server running 2.0.39 is attacked, worker processes/threads can hang, leading to resource exhaustion -- especially on systems that don't use threading (a patch is already in the Apache source tree and the FreeBSD port)
- Installation of mod_blowchunks (for Apache 1.3.x only right now) is recommended to block attacks and report infections
- Produces a message like the following:
  [Sat Jun 22 17:42:47 2002] [error] [client X.X.X.X] Transfer-Encoding: chunked - denied and logged