Apache Week

Copyright 1996-2005
Red Hat, Inc.

First published: 16th November 2001
Last updated: 22nd October 2004

Security issues affecting Apache httpd 2.0.44

This page gives a list of all the vulnerabilities that are known to affect version 2.0.44 of Apache httpd. Note however that some vendor versions of Apache may already contain backported security patches for some of these issues, so if you're using a vendor-supplied version of Apache contact your vendor for details.

You can also see an alternative view of this data which lists which vulnerabilities were fixed in each version.

Apache Week rates the severity of each issue based on the overall impact to users.


Affects Apache httpd 2.0.44

critical: IPv6 URI parsing heap overflow CAN-2004-0786

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. On some BSD systems it is believed this flaw may be able to lead to remote code execution.

critical: APR remote crash CAN-2003-0245

A vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.

important: Memory consumption DoS CAN-2004-0942

An issue was discovered where the field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server the ability to cause Apache children to consume proportional amounts of memory, leading to a denial of service.

important: listening socket starvation CAN-2004-0174

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect some versions of AIX, Solaris, and Tru64; it is known to not affect FreeBSD or Linux.

important: mod_ssl memory leak CVE-2004-0113

A memory leak in mod_ssl allows a remote denial of service attack against an SSL-enabled server by sending plain HTTP requests to the SSL port.

important: Remote DoS with multiple Listen directives CAN-2003-0253

In a server with multiple listening sockets, a certain error returned by accept() on a rarely accessed port can cause a temporary denial of service, due to a bug in the prefork MPM.

important: Basic Authentication DoS CAN-2003-0189

A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used.

important: Line feed memory leak DoS CAN-2003-0132

Apache 2.0 versions before Apache 2.0.45 had a significant Denial of Service vulnerability. Remote attackers could cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

moderate: SSLCipherSuite bypass CAN-2004-0885

An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any cipher suite allowed by the virtual host configuration.

moderate: CGI output information leak CAN-2003-0789

A bug in mod_cgid mishandling of CGI redirect paths can result in CGI output going to the wrong client when a threaded MPM is used.

moderate: Remote DoS via IPv6 ftp proxy CAN-2003-0254

When a client requests that the FTP proxy connect to an FTP server with an IPv6 address, and the proxy is unable to create an IPv6 socket, an infinite loop occurs, causing a remote Denial of Service.

low: Environment variable expansion flaw CAN-2004-0747

The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of an httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user.

low: Malicious SSL proxy can cause crash CAN-2004-0751

An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue is not believed to allow execution of arbitrary code and will only result in a denial of service where a threaded process model is in use.

low: WebDAV remote crash CAN-2004-0809

An issue was discovered in the mod_dav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK requests. This issue does not allow execution of arbitrary code and will only result in a denial of service where a threaded process model is in use.

low: FakeBasicAuth overflow CAN-2004-0488

A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited by an attacker using a (trusted) client certificate with a subject DN field which exceeds 6K in length.

low: Error log escape filtering CVE-2003-0020

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

low: Local configuration regular expression overflow CAN-2003-0542

By using a regular expression with more than 9 captures, a buffer overflow can occur in mod_alias or mod_rewrite. To exploit this, an attacker would need to be able to create a carefully crafted configuration file (.htaccess or httpd.conf).

low: mod_ssl renegotiation issue CAN-2003-0192

A bug in the optional renegotiation code in mod_ssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the renegotiation.

low: Filtered escape sequences CAN-2003-0083

Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

Maybe affects Apache httpd 2.0.44 (not verified)

important: SSL connection infinite loop CAN-2004-0748

An issue was discovered in the mod_ssl module in Apache 2.0. A remote attacker who forces an SSL connection to be aborted in a particular state may cause an Apache child process to enter an infinite loop, consuming CPU resources.

important: Header parsing memory leak CAN-2004-0493

A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption.

important: OS2 device name DoS CAN-2003-0134

Apache on OS2, up to and including Apache 2.0.45, has a Denial of Service vulnerability caused by device names.

This feature brought to you by: Mark J Cox
Comments or criticisms? Please email us at editors@apacheweek.com