IBM Plugs DoS Server Holes | eWeek

IBM Plugs DoS Server Holes

Verfasst von
Ryan Naraine
Ryan Naraine
Nov 19, 2004
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

IBM has issued an interim fix for a pair of DoS (denial of service) vulnerabilities affecting its HTTP Server V2.0.

In an advisory posted Friday, the Armonk, N.Y.-based firm said the flaws are related to two known issues in the open-source Apache HTTP Server.

IBM said the first bug could allow a remote attacker to cause a DoS condition (CPU consumption) through an HTTP GET request bug in the Apache Web server V2.0.52.

That vulnerability is caused due to an error in the parsing routine for headers with a large amount of spaces. This can be exploited by sending some specially crafted requests with a large number of overly long headers containing only spaces.

A successful exploit could cause the server to become unreachable and use a large amount of CPU resources. It has been confirmed on Apache HTTP Server version 2.0.52 running Linux. Other versions may also be affected.

A fix for that bug has been added to version 2.0.53-dev.

IBM HTTP Server versions based on Apache HTTP Server V1.3 were not vulnerable. “There are no known data integrity issues associated with these exposures,” company officials said.

/zimages/2/28571.gifClick hereto read about a new two-factor authentication solution designed for the Apache Web server.

IBM also confirmed that users of its HTTP Server were vulnerable to a flaw in the Apache mod_dav module that could lead to a child process crash.

A malicious client could potentially exploit this to crash an httpd child process by sending a particular sequence of “lock” requests. Successful exploitation requires that the malicious client is allowed to use the lock method and that the threaded process model is used.

A fix for the mod_dav module flaw is available with Apache HTTP server version 2.0.51.

IBM said both issues have been resolved with an interim fix.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.