IWS - The Information Warfare Site

Advisory 02-005.1

Remote Vulnerabilities in the Apache Web Server Software
June 19, 2002 (Revised June 21, 2002)

[Revisions from the original document are indicated in bold]

This advisory updates NIPC Advisory 02-005 which highlighted the significance of a vulnerability that could affect a majority of active Web sites. The Apache Software Foundation has made available product updates as solutions to this vulnerability. Users are encouraged to visit http://httpd.apache.org/ to obtain updated versions of this open source product.

This issue is further addressed in the following:

Apache Security Advisory
http://httpd.apache.org/info/security_bulletin_20020620.txt

CERT Advisory CA-2002-17
Apache Web Server Chunk Handling Vulnerability
http://www.cert.org/advisories/CA-2002-17.html

Internet Security Systems Advisory
Apache HTTP Server Exploit in Circulation
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20524

NIPC research confirms the existence of a potential vulnerability in numerous versions of the open-source Apache Web Server Software. This vulnerability can allow remote access to the system with the permissions of the web server.

Background:

The NIPC evaluated this vulnerability and found that Apache has a memory heap condition that, if carefully manipulated, can give an intruder the ability to run arbitrary commands on the victim's computer. To date, this vulnerability is known to affect multiple versions of the Apache Software.

The NIPC considers this to be a significant threat due to the large installed base of Apache Servers, the potential for remote compromise, and the level of access granted by this vulnerability. This advisory is being released in advance of any reported exploitations.

Recommendation:

Users are encouraged to visit http://httpd.apache.org/ to obtain updated versions of the Apache open source product, and to consider the recommendations posted by ISS and CERT/CC.

As always, computer users are advised to remain vigilant in their intrusion detection and prevention efforts, to keep their systems current by checking their vendors' Web sites frequently for new updates, and to check for alerts put out by the NIPC, CERT/CC, and other cognizant organizations.

The NIPC encourages recipients of this advisory to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate authorities. Recipients may report incidents online at http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch@fbi.gov.