Apache prior 2.0.52 Multiple Spaces CPU Overload Denial-of-Service 1.0
 
Plugin ID: 280
Plugin name: Apache prior 2.0.52 Multiple Spaces CPU Overload Denial-of-Service
Plugin filename: Apache prior 2.0.52 Multiple Spaces CPU Overload Denial-of-Service.plugin
Plugin filesize: 3120 bytes
Plugin family: Denial of Service
Plugin created name: David Nester
Plugin created email: david at icrew dot org
Plugin created web: http://www.icrew.org
Plugin created company: iCrew Security
Plugin created date: 2004/12/05
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/12/06
Plugin version: 1.0
Plugin protocol: tcp
Plugin port: 80
Plugin procedure detection: open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *Apache/1.#* OR HTTP/#.# ### *Apache/2.0.[0-4]* OR HTTP/#.# ### *Apache/2.0.5[0-2]*
Plugin detection accuracy: 80
Plugin comment: This plugin was written with the ATK Attack Editor.
Bug published name: Chintan Trivedi
Bug published email: chesschintan at gmail dot com
Bug published web:
Bug published date: 2004/01/01
Bug produced name: Apache Software Foundation
Bug produced email: apache at apache dot org
Bug produced web: http://httpd.apache.org
Bug not affected: Other versions or solutions
Bug vulnerability class: Denial Of Service
Bug description: A user can cause a denial of service by issuing an HTTP GET request containing several thousand spaces. Processing the request drives CPU load up to the point of denial of service. The vulnerability can be exploited by a remote, unauthenticated user.
Bug solution: This is resolved in Apache httpd 2.0.53-dev. Be aware that this is a development release.
Bug fixing time: Approx. 1 hour
Bug exploit availability: Yes
Bug exploit url: http://securitytracker.com/id?1012083
Bug remote: Yes
Bug local: No
Bug severity: High
Bug popularity: 5
Bug simplicity: 8
Bug impact: 9
Bug risk: 6
Bug Nessus risk: High
Bug ISS Scanner rating: High
Source CVE: CAN-2004-0942
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.apacheweek.com/features/security-13

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.