Upstream information

CVE-2008-2364 at MITRE

Description

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 5
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

SUSE Bugzilla entries: 408832 [RESOLVED / FIXED], 422464 [RESOLVED / FIXED], 443824 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • apache2 >= 2.2.10-2.24.5
  • apache2-doc >= 2.2.10-2.24.5
  • apache2-example-pages >= 2.2.10-2.24.5
  • apache2-prefork >= 2.2.10-2.24.5
  • apache2-utils >= 2.2.10-2.24.5
  • apache2-worker >= 2.2.10-2.24.5
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA apache2
SUSE Linux Enterprise Server 11 SP2
  • apache2 >= 2.2.12-1.28.1
  • apache2-doc >= 2.2.12-1.28.1
  • apache2-example-pages >= 2.2.12-1.28.1
  • apache2-prefork >= 2.2.12-1.28.1
  • apache2-utils >= 2.2.12-1.28.1
  • apache2-worker >= 2.2.12-1.28.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA apache2
SUSE Linux Enterprise Server 11 SP3
  • apache2 >= 2.2.12-1.38.2
  • apache2-doc >= 2.2.12-1.38.2
  • apache2-example-pages >= 2.2.12-1.38.2
  • apache2-prefork >= 2.2.12-1.38.2
  • apache2-utils >= 2.2.12-1.38.2
  • apache2-worker >= 2.2.12-1.38.2
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA apache2
SUSE Linux Enterprise Server 11 SP4
  • apache2 >= 2.2.12-1.51.52.1
  • apache2-doc >= 2.2.12-1.51.52.1
  • apache2-example-pages >= 2.2.12-1.51.52.1
  • apache2-prefork >= 2.2.12-1.51.52.1
  • apache2-utils >= 2.2.12-1.51.52.1
  • apache2-worker >= 2.2.12-1.51.52.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA apache2
SUSE Linux Enterprise Software Development Kit 11 SP4
  • apache2 >= 2.2.12-1.51.52.1
  • apache2-devel >= 2.2.12-1.51.52.1
  • apache2-doc >= 2.2.12-1.51.52.1
  • apache2-example-pages >= 2.2.12-1.51.52.1
  • apache2-prefork >= 2.2.12-1.51.52.1
  • apache2-utils >= 2.2.12-1.51.52.1
  • apache2-worker >= 2.2.12-1.51.52.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA apache2
openSUSE 11.0
  • apache2-debuginfo >= 2.2.8-28.4
  • apache2-debugsource >= 2.2.8-28.4
openSUSE 11.0
  • apache2 >= 2.2.8-28.4
  • apache2-devel >= 2.2.8-28.4
  • apache2-doc >= 2.2.8-28.4
  • apache2-example-pages >= 2.2.8-28.4
  • apache2-prefork >= 2.2.8-28.4
  • apache2-utils >= 2.2.8-28.4
  • apache2-worker >= 2.2.8-28.4
SUSE Linux Enterprise SDK 10 SP2
  • apache2 >= 2.2.3-16.21
  • apache2-devel >= 2.2.3-16.21
  • apache2-doc >= 2.2.3-16.21
  • apache2-example-pages >= 2.2.3-16.21
  • apache2-prefork >= 2.2.3-16.21
  • apache2-worker >= 2.2.3-16.21
sles10-sp2.s390x
sle10-sp2-sdk.s390x
sle10-sp2-sdk.ia64
sles10-sp2-debuginfo.ia64
sle10-sp2-sdk.ppc
sles10-sp2.ia64
sles10-sp2-debuginfo.x86-64
sles10-sp2.x86
sles10-sp2-debuginfo.ppc
sle10-sp2-sdk.x86-64
sle10-sp2-sdk.x86
sles10-sp2-debuginfo.x86
sles10-sp2.x86-64
sles10-sp2.ppc
sles10-sp2-debuginfo.s390x
ZYPP Patch Nr: 6035