Message-ID: <0575B1F095782C48A1FC464F30C79E4D087A93C2@CXOEXC12.AMERICAS.CPQCORP.NET>
Date: Thu, 23 Dec 2004 13:20:18 -0700
From: "Boren, Rich (SSRT)" <rich.boren@...com>
To: <bugtraq@...urityfocus.com>
Subject: [Security Bulletin] SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBTU01106     REVISION: 0

SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote
               Denial of Service (DoS)

NOTICE:
There are no restrictions for distribution of this Bulletin
provided that it remains complete and intact.

The information in this Security bulletin should be acted upon
as soon as possible.

INITIAL RELEASE:
22 December 2004

POTENTIAL SECURITY IMPACT:
    Remote Denial of Service (DoS)

SOURCE:
HEWLETT-PACKARD COMPANY
HP Software Security Response Team

REFERENCES:
CAN-2004-0942

VULNERABILITY SUMMARY:
    A potential security vulnerability has been reported in the
    Secure Web Server (SWS) for Tru64 UNIX (powered by Apache)
    software distributed with HP Internet Express for Tru64 UNIX
    (IX).  The potential vulnerability is remotely exploitable
    and can cause a denial of service (DoS) due to high CPU
    consumption.

SUPPORTED SOFTWARE VERSIONS*:  ONLY impacted versions are listed.
    SWS based on Apache 2.0.52 and earlier (IX 6.3 and earlier;
    SWS standalone versions earlier than 6.3.6a)

BACKGROUND:
    For a listing of all HP Tru64 UNIX security patch kits please
    see the following web site:
    http://h30097.www3.hp.com/unix/security-download.html

    Until the corrections are available in a mainstream release,
    HP is providing a patch that resolves the potential SWS
    vulnerability described in this bulletin. The corrections are
    scheduled to be available in the following mainstream release:

    HP Internet Express for Tru64UNIX (IX) version 6.4

RESOLUTION:
    The Secure Web Server 6.3.6a for Tru64 UNIX (powered by
    Apache) kit is available for download at the following site:

    http://h30097.www3.hp.com/internet/download.htm

    The kit is based on a patched version of Apache 2.0.52.

BULLETIN REVISION HISTORY:
Revision 0 - 22 December 2004
              Initial Release

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQcrK5OAfOvwtKn1ZEQKGhwCbBoZFh6qyNAfxbcH5xkw9HuBuP5AAmgNc
6wvDIp51/eDbdHu62x6pWHe6
=ojOH
-----END PGP SIGNATURE-----


