HTTP: Apache Massacre Denial of Service Variant
This signature detects attempts to exploit a memory leak in Apache Web server. Windows and Unix implementations of Apache Web server prior to version 2.0.45 are vulnerable. Attackers can include thousands of carriage returns and linefeeds in a request to crash the Apache server.
Extended Description
Apache 2.0 series webservers are prone to a denial-of-service condition. This issue occurs because of the way that Apache handles excessive amounts of consecutive linefeed characters. The server may allocate large amounts of memory, resulting in a denial of service.
Affected Products
Apache_software_foundation apache
Short Name
HTTP:APACHE:MASSACRE-DOS-VAR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2003-0132 Denial Massacre Service Variant bid:7254 of
Release Date
06/18/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Apache_software_foundation
Computer_associates
Hp
Apple
CVSS Score
5.0