Signature Detail

HTTP: Apache Range Byte Header Memory Leak

This signature detects attempts to exploit the usage of the Range byte header against an Apache server. A successful attack can create a memory leak that could be use to perform a memory exhaustion attack. Multiple signature events could mean that a denial-of-service (DoS) attack is currently being attempted.

Extended Description

Apache is prone to a denial of service when handling large CGI byterange requests.

Affected Products

• Apache_software_foundation apache 2.0.0
• Apache_software_foundation apache 2.0.0 A9
• Apache_software_foundation apache 2.0.28
• Apache_software_foundation apache 2.0.28 Beta
• Apache_software_foundation apache 2.0.32
• Apache_software_foundation apache 2.0.35
• Apache_software_foundation apache 2.0.36
• Apache_software_foundation apache 2.0.37
• Apache_software_foundation apache 2.0.38
• Apache_software_foundation apache 2.0.39
• Apache_software_foundation apache 2.0.40
• Apache_software_foundation apache 2.0.41
• Apache_software_foundation apache 2.0.42
• Apache_software_foundation apache 2.0.43
• Apache_software_foundation apache 2.0.44
• Apache_software_foundation apache 2.0.45
• Apache_software_foundation apache 2.0.46
• Apache_software_foundation apache 2.0.47
• Apache_software_foundation apache 2.0.48
• Apache_software_foundation apache 2.0.49
• Apache_software_foundation apache 2.0.50
• Apache_software_foundation apache 2.0.51
• Apache_software_foundation apache 2.0.52
• Apache_software_foundation apache 2.0.53
• Apache_software_foundation apache 2.0.54
• Apache_software_foundation apache 2.1.0
• Apache_software_foundation apache 2.1.1
• Apache_software_foundation apache 2.1.2
• Apache_software_foundation apache 2.1.3
• Apache_software_foundation apache 2.1.4
• Apache_software_foundation apache 2.1.5
• Avaya cvlan
• Avaya integrated_management 2.1.0
• Avaya integrated_management
• Conectiva linux 10.0.0
• Gentoo linux
• Hp hp-ux 11.0.0
• Hp hp-ux 11.0.0 4
• Hp hp-ux 11.11.0
• Hp hp-ux 11.23.0
• Hp hp-ux B.11.00
• Hp hp-ux B.11.11
• Hp hp-ux B.11.23
• Ibm http_server 2.0.42
• Ibm http_server 2.0.42 .1
• Ibm http_server 2.0.42 .2
• Ibm http_server 2.0.47
• Ibm http_server 2.0.47 .1
• Mandriva corporate_server 3.0.0
• Mandriva corporate_server 3.0.0 X86 64
• Mandriva multi_network_firewall 2.0.0
• Red_hat desktop 3.0.0
• Red_hat desktop 4.0.0
• Red_hat enterprise_linux_as 3
• Red_hat enterprise_linux_as 4
• Red_hat enterprise_linux_es 3
• Red_hat enterprise_linux_es 4
• Red_hat enterprise_linux_ws 3
• Red_hat enterprise_linux_ws 4
• Red_hat fedora Core3
• Red_hat fedora Core4
• Sgi propack 3.0.0 SP6
• Sun solaris 10 X86
• Suse linux_personal 9.1.0 X86 64
• Suse linux_personal 9.2.0
• Suse linux_personal 9.2.0 X86 64
• Suse linux_personal 9.3.0
• Suse linux_personal 9.3.0 X86 64
• Suse linux_professional 9.0.0
• Suse linux_professional 9.0.0 X86 64
• Suse linux_professional 9.1.0
• Suse linux_professional 9.1.0 X86 64
• Suse linux_professional 9.2.0
• Suse linux_professional 9.2.0 X86 64
• Suse linux_professional 9.3.0
• Suse linux_professional 9.3.0 X86 64
• Suse open-enterprise-server 9.0.0
• Suse suse_linux_enterprise_server 8
• Suse suse_linux_enterprise_server 9
• Trustix secure_enterprise_linux 2.0.0
• Trustix secure_linux 2.2.0
• Trustix secure_linux 3.0.0
• Turbolinux home
• Turbolinux multimedia
• Turbolinux personal
• Turbolinux turbolinux 10 F...
• Turbolinux turbolinux_desktop 10.0.0
• Turbolinux turbolinux_server 10.0.0
• Turbolinux turbolinux_server 7.0.0
• Turbolinux turbolinux_server 8.0.0
• Turbolinux turbolinux_workstation 7.0.0
• Turbolinux turbolinux_workstation 8.0.0
• Ubuntu ubuntu_linux 4.1.0 Ia32
• Ubuntu ubuntu_linux 4.1.0 Ia64
• Ubuntu ubuntu_linux 4.1.0 Ppc
• Ubuntu ubuntu_linux 5.0.0 4 Amd64
• Ubuntu ubuntu_linux 5.0.0 4 I386
• Ubuntu ubuntu_linux 5.0.0 4 Powerpc

References

• BugTraq: 14660
• CVE: CVE-2005-2728
• URL: http://issues.apache.org/bugzilla/show_bug.cgi?id=29962
• URL: http://www.gentoo.org/security/en/glsa/glsa-200508-15.xml