<<< Date Index >>>     <<< Thread Index >>>

[Security Bulletin] SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBTU01106     REVISION: 0

SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote
               Denial of Service (DoS)

NOTICE:
There are no restrictions for distribution of this Bulletin
provided that it remains complete and intact.

The information in this Security bulletin should be acted upon
as soon as possible.

INITIAL RELEASE:
22 December 2004

POTENTIAL SECURITY IMPACT:
    Remote Denial of Service (DoS)

SOURCE:
HEWLETT-PACKARD COMPANY
HP Software Security Response Team

REFERENCES:
CAN-2004-0942

VULNERABILITY SUMMARY:
    A potential security vulnerability has been reported in the
    Secure Web Server (SWS) for Tru64 UNIX (powered by Apache)
    software distributed with HP Internet Express for Tru64 UNIX
    (IX).  The potential vulnerability is remotely exploitable
    and can cause a denial of service (DoS) due to high CPU
    consumption.

SUPPORTED SOFTWARE VERSIONS*:  ONLY impacted versions are listed.
    SWS based on Apache 2.0.52 and earlier (IX 6.3 and earlier;
    SWS standalone versions earlier than 6.3.6a)

BACKGROUND:
    For a listing of all HP Tru64 UNIX security patch kits please
    see the following web site:
    http://h30097.www3.hp.com/unix/security-download.html

    Until the corrections are available in a mainstream release,
    HP is providing a patch that resolves the potential SWS
    vulnerability described in this bulletin. The corrections are
    scheduled to be available in the following mainstream release:

    HP Internet Express for Tru64UNIX (IX) version 6.4

RESOLUTION:
    The Secure Web Server 6.3.6a for Tru64 UNIX (powered by
    Apache) kit is available for download at the following site:

    http://h30097.www3.hp.com/internet/download.htm

    The kit is based on a patched version of Apache 2.0.52.

BULLETIN REVISION HISTORY:
Revision 0 - 22 December 2004
              Initial Release

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQcrK5OAfOvwtKn1ZEQKGhwCbBoZFh6qyNAfxbcH5xkw9HuBuP5AAmgNc
6wvDIp51/eDbdHu62x6pWHe6
=ojOH
-----END PGP SIGNATURE-----