IWS - The Information Warfare Site
News Watch Make a donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Advisory 02-005

Remote Vulnerabilities in Apache Web Server Software
June 19, 2002

The NIPC is issuing this advisory to highlight the significance of a vulnerability that could affect a majority of active Web sites and which is addressed in the following:

Internet Security Systems Advisory
Remote Compromise Vulnerability in Apache HTTP Server
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20502

Apache Security Advisory
http://httpd.apache.org/info/security_bulletin_20020617.txt

CERT Advisory CA-2002-17
Apache Web Server Chunk Handling Vulnerability
http://www.cert.org/advisories/CA-2002-17.html

NIPC research confirms the existence of a potential vulnerability in numerous versions of the open-source Apache Web Server Software. This vulnerability can allow remote access to the system. This gives an intruder the ability to take control of the system and execute root level commands.

Background:

The NIPC evaluated this vulnerability and found that Apache has a memory heap condition that, if carefully manipulated, can give an intruder the ability to run arbitrary commands on the victim's computer. To date, this vulnerability is known to affect multiple versions of the Apache Software.

The NIPC considers this to be a significant threat due to the large installed base of Apache Servers, the potential for remote compromise, and the level of access granted by this vulnerability. This advisory is being released in advance of any reported exploitations.

Recommendation:

The Apache Software Foundation is currently working on a product release that resolves this issue. Users are encouraged to visit http://httpd.apache.org/ in order to obtain updated versions of this open source product, and to consider the recommendations posted by ISS and CERT/CC.

As always, computer users are advised to remain vigilant in their intrusion detection and prevention efforts, and to keep their systems current by checking their vendor's Web sites frequently for new updates and to check for alerts put out by the NIPC, CERT/CC, and other cognizant organizations.

The NIPC encourages recipients of this advisory to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate authorities. Recipients may report incidents online at http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch@fbi.gov.