USN-23-1: apache2 vulnerability
12 November 2004
apache2 vulnerability
Releases
Details
Chintan Trivedi discovered a Denial of Service vulnerability in
apache2. The field length limit was not enforced for certain malicious
requests. This could allow a remote attacker who is able to send large
amounts of data to a server to cause HTTP server instances to consume
proportional amounts of memory, which can render the service
unavailable.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 4.10
-
apache2-mpm-worker
-
-
apache2-mpm-perchild
-
-
apache2-mpm-prefork
-
-
apache2-mpm-threadpool
-
In general, a standard system update will make all the necessary changes.