Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Apache Basic authentication module denial of service

Apache Basic authentication module denial of service

by Mario Miri on June 2nd, 2003 It has been reported that Apache 2.0 does not properly use specific thread-safe functions. Because of this, an attacker may be able to create a circumstance that prevents users from logging into restricted areas with valid user credentials.


Vulnerable:
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.45


Solution:
2.0.46 version of the software is not prone to this vulnerability.
http://www.apache.org/dist/httpd/
RedHat advisory available: RHSA-2003:186-01
http://www.mandrakesecure.net/en/ftp.php


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »