CVE-2008-2364

Published: Jun 13, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

Affected (18)

Products: Apache: Http Server · Canonical: Ubuntu Linux · Fedoraproject: Fedora · +1 more

Show all products

Apache: Http Server · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation

1 product

1 product

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.0.35 to 2.0.64
Apache Http Server	From 2.2.0 to 2.2.9

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 7.10
Canonical Ubuntu Linux	Version 8.04

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 8
Fedoraproject Fedora	Version 9

Configuration D

11 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 3.0
Redhat Enterprise Linux Desktop	Version 4.0
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Eus	Version 4.7
Redhat Enterprise Linux Eus	Version 5.2
Redhat Enterprise Linux Server	Version 3.0
Redhat Enterprise Linux Server	Version 4.0
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Workstation	Version 3.0
Redhat Enterprise Linux Workstation	Version 4.0
Redhat Enterprise Linux Workstation	Version 5.0

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (132)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432

Source: secalert@redhat.com

Broken Link

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Source: secalert@redhat.com

Broken LinkMailing List

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=123376588623823&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=125631037611762&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2008-0967.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/30621

Source: secalert@redhat.com

Not ApplicableVendor Advisory

http://secunia.com/advisories/31026

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/31404

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/31416

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/31651

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/31904

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/32222

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/32685

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/32838

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/33156

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/33797

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34219

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34259

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34418

Source: secalert@redhat.com

Not Applicable

http://security.gentoo.org/glsa/glsa-200807-06.xml

Source: secalert@redhat.com

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1

Source: secalert@redhat.com

Broken Link

http://support.apple.com/kb/HT3216

Source: secalert@redhat.com

Broken Link

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154

Source: secalert@redhat.com

PatchVendor Advisory

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328

Source: secalert@redhat.com

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg27008517

Source: secalert@redhat.com

Third Party Advisory

http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:195

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2008:237

Source: secalert@redhat.com

Broken Link

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0966.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/archive/1/494858/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/498567/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/29653

Source: secalert@redhat.com

PatchThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/31681

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1020267

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-731-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2008/1798

Source: secalert@redhat.com

Permissions Required

http://www.vupen.com/english/advisories/2008/2780

Source: secalert@redhat.com

Permissions Required

http://www.vupen.com/english/advisories/2009/0320

Source: secalert@redhat.com

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/42987

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577

Source: secalert@redhat.com

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432