-----Original Message----- From: Nipc Watch [mailto:nipc.watch@private] Sent: Wednesday, June 19, 2002 1:45 PM To: daily Subject: NIPC Advisory 02-005 Remote Vulnerability in Apache Web Server Software National Infrastructure Protection Center "Remote Vulnerabilities in Apache Web Server Software" Advisory 02-005 19 June 2002 The NIPC is issuing this advisory to highlight the significance of a vulnerability that could affect a majority of active Web sites and which is addressed in the following: Internet Security Systems Advisory Remote Compromise Vulnerability in Apache HTTP Server http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20502 <http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20502> Apache Security Advisory http://httpd.apache.org/info/security_bulletin_20020617.txt <http://httpd.apache.org/info/security_bulletin_20020617.txt> CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability http://www.cert.org/advisories/CA-2002-17.html <http://www.cert.org/advisories/CA-2002-17.html> NIPC research confirms the existence of a potential vulnerability in numerous versions of the open-source Apache Web Server Software. This vulnerability can allow remote access to the system. This gives an intruder the ability to take control of the system and execute root level commands. Background: The NIPC evaluated this vulnerability and found that Apache has a memory heap condition that, if carefully manipulated, can give an intruder the ability to run arbitrary commands on the victim's computer. To date, this vulnerability is known to affect multiple versions of the Apache Software. The NIPC considers this to be a significant threat due to the large installed base of Apache Servers, the potential for remote compromise, and the level of access granted by this vulnerability. This advisory is being released in advance of any reported exploitations. Recommendation: The Apache Software Foundation is currently working on a product release that resolves this issue. Users are encouraged to visit http://httpd.apache.org/ <http://httpd.apache.org/> in order to obtain updated versions of this open source product, and to consider the recommendations posted by ISS and CERT/CC. As always, computer users are advised to remain vigilant in their intrusion detection and prevention efforts, and to keep their systems current by checking their vendor's Web sites frequently for new updates and to check for alerts put out by the NIPC, CERT/CC, and other cognizant organizations. The NIPC encourages recipients of this advisory to report computer intrusions to their local FBI office ( http://www.fbi.gov/contact/fo/fo.htm <http://www.fbi.gov/contact/fo/fo.htm> ) or the NIPC, and to other appropriate authorities. Recipients may report incidents online at http://www.nipc.gov/incident/cirr.htm <http://www.nipc.gov/incident/cirr.htm> , and can reach the NIPC Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch@private <mailto:nipc.watch@private> .
This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 15:25:10 PDT