|Apache Mod_SSL可定制错误文档拒绝服务漏洞

Apache Mod_SSL可定制错误文档拒绝服务漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

BUGTRAQ ID: 16152 CVE(CAN) ID: CVE-2005-3357 Mod_SSL是Apache服务器上的SSL实现，用来为Apache Web服务器提供加密支持。在某些配置情况下Apache的Mod_SSL存在拒绝服务器，远程攻击者可能利用此漏洞导致Apache服务器的拒绝服务。此拒绝服务漏洞是一个可能的空指针废弃问题引起的，当Apache被配置成支持对代码400错误可定制ErrorDocument时可触发此漏洞，远程攻击者可导致Apache进程或线程崩溃，持继性的攻击可以使Apache失去响应。 Apache Group Apache 2.x 临时解决方法：如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁： * 不要为Apache配置成对代码400错误可定制ErrorDocument。厂商补丁： RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2006:0159-01）以及相应补丁: RHSA-2006:0159-01：Moderate: httpd security update 链接：<a href=http://lwn.net/Alerts/166549/?format=printable target=_blank>http://lwn.net/Alerts/166549/?format=printable</a> 补丁下载： Red Hat Enterprise Linux AS version 3: SRPMS: <a href=ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd... target=_blank>ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd...</a> 5fb40d08b35daf0b9dca84bae2d807ad httpd-2.0.46-56.ent.src.rpm i386: 58472c7851877c10d75fc11acc987690 httpd-2.0.46-56.ent.i386.rpm 7c5a357dc808d626e84f0b811d875087 httpd-devel-2.0.46-56.ent.i386.rpm fd69217826949e34854440914919115d mod_ssl-2.0.46-56.ent.i386.rpm ia64: 9ba4fcecc7a987e0095cab3f3097573e httpd-2.0.46-56.ent.ia64.rpm eaaa9f395d525f97d864fa8fb7abf0b3 httpd-devel-2.0.46-56.ent.ia64.rpm 5c1958e1b3abe828ccc70ef6aed3bb64 mod_ssl-2.0.46-56.ent.ia64.rpm ppc: 463c75e6ea66006c222c769c133bc4a0 httpd-2.0.46-56.ent.ppc.rpm fbfa43b0915f7593b0b53b060ccaa5f8 httpd-devel-2.0.46-56.ent.ppc.rpm a9c64df8a73025eca98e931dd074b69a mod_ssl-2.0.46-56.ent.ppc.rpm s390: fe25eb28019d8d9a3a75b87eb60dbfe9 httpd-2.0.46-56.ent.s390.rpm 21a7aab2c525ea1f61528823f440c1ab httpd-devel-2.0.46-56.ent.s390.rpm 4bec0fb1ba74b43121cba95fcbc54430 mod_ssl-2.0.46-56.ent.s390.rpm s390x: 1f0093a5d44fa75ad8d5dff12f6a8f81 httpd-2.0.46-56.ent.s390x.rpm e005b654914be004d22d456c3f7cd9f1 httpd-devel-2.0.46-56.ent.s390x.rpm ed206f46043e55028a3a1ec63f516042 mod_ssl-2.0.46-56.ent.s390x.rpm x86_64: 19e480d4aaf0e54cd1e8beb741081e1c httpd-2.0.46-56.ent.x86_64.rpm 204c07d7e05a9d4b3292a5072d9c6f2a httpd-devel-2.0.46-56.ent.x86_64.rpm 770cc4db896225d99e1df93a589a02b4 mod_ssl-2.0.46-56.ent.x86_64.rpm Red Hat Desktop version 3: SRPMS: <a href=ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/... target=_blank>ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/...</a> 5fb40d08b35daf0b9dca84bae2d807ad httpd-2.0.46-56.ent.src.rpm i386: 58472c7851877c10d75fc11acc987690 httpd-2.0.46-56.ent.i386.rpm 7c5a357dc808d626e84f0b811d875087 httpd-devel-2.0.46-56.ent.i386.rpm fd69217826949e34854440914919115d mod_ssl-2.0.46-56.ent.i386.rpm x86_64: 19e480d4aaf0e54cd1e8beb741081e1c httpd-2.0.46-56.ent.x86_64.rpm 204c07d7e05a9d4b3292a5072d9c6f2a httpd-devel-2.0.46-56.ent.x86_64.rpm 770cc4db896225d99e1df93a589a02b4 mod_ssl-2.0.46-56.ent.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: <a href=ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd... target=_blank>ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd...</a> 5fb40d08b35daf0b9dca84bae2d807ad httpd-2.0.46-56.ent.src.rpm i386: 58472c7851877c10d75fc11acc987690 httpd-2.0.46-56.ent.i386.rpm 7c5a357dc808d626e84f0b811d875087 httpd-devel-2.0.46-56.ent.i386.rpm fd69217826949e34854440914919115d mod_ssl-2.0.46-56.ent.i386.rpm ia64: 9ba4fcecc7a987e0095cab3f3097573e httpd-2.0.46-56.ent.ia64.rpm eaaa9f395d525f97d864fa8fb7abf0b3 httpd-devel-2.0.46-56.ent.ia64.rpm 5c1958e1b3abe828ccc70ef6aed3bb64 mod_ssl-2.0.46-56.ent.ia64.rpm x86_64: 19e480d4aaf0e54cd1e8beb741081e1c httpd-2.0.46-56.ent.x86_64.rpm 204c07d7e05a9d4b3292a5072d9c6f2a httpd-devel-2.0.46-56.ent.x86_64.rpm 770cc4db896225d99e1df93a589a02b4 mod_ssl-2.0.46-56.ent.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: <a href=ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd... target=_blank>ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd...</a> 5fb40d08b35daf0b9dca84bae2d807ad httpd-2.0.46-56.ent.src.rpm i386: 58472c7851877c10d75fc11acc987690 httpd-2.0.46-56.ent.i386.rpm 7c5a357dc808d626e84f0b811d875087 httpd-devel-2.0.46-56.ent.i386.rpm fd69217826949e34854440914919115d mod_ssl-2.0.46-56.ent.i386.rpm ia64: 9ba4fcecc7a987e0095cab3f3097573e httpd-2.0.46-56.ent.ia64.rpm eaaa9f395d525f97d864fa8fb7abf0b3 httpd-devel-2.0.46-56.ent.ia64.rpm 5c1958e1b3abe828ccc70ef6aed3bb64 mod_ssl-2.0.46-56.ent.ia64.rpm x86_64: 19e480d4aaf0e54cd1e8beb741081e1c httpd-2.0.46-56.ent.x86_64.rpm 204c07d7e05a9d4b3292a5072d9c6f2a httpd-devel-2.0.46-56.ent.x86_64.rpm 770cc4db896225d99e1df93a589a02b4 mod_ssl-2.0.46-56.ent.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: <a href=ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd... target=_blank>ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd...</a> 1758c0d1f6326b2f8d77885a351872a1 httpd-2.0.52-22.ent.src.rpm i386: 64b2b544496645ed16ce4e7415b358b0 httpd-2.0.52-22.ent.i386.rpm 7191377bec8fdd54c327830b05f74e7e httpd-devel-2.0.52-22.ent.i386.rpm 5b69c82ad64cee1b4c46e9f814e88286 httpd-manual-2.0.52-22.ent.i386.rpm 4cde89fc87b21feff51d54098fe4ed83 httpd-suexec-2.0.52-22.ent.i386.rpm 97f4a87d758c4b84def3abf53e6293cc mod_ssl-2.0.52-22.ent.i386.rpm ia64: c7522babbf9b3a24f8c3bfaff8e2e10f httpd-2.0.52-22.ent.ia64.rpm 10a317c00ae0e59b4f3071870f6d939a httpd-devel-2.0.52-22.ent.ia64.rpm adaf0ba8b49ee0ceb3469e1b5f67c339 httpd-manual-2.0.52-22.ent.ia64.rpm 38dec291e729a7e69bdc9ba25cfca5be httpd-suexec-2.0.52-22.ent.ia64.rpm fa92eddcfe59311085ed2c0c7675380b mod_ssl-2.0.52-22.ent.ia64.rpm ppc: 1fef1c2e4c3e8796c8d29f1a8b4288f2 httpd-2.0.52-22.ent.ppc.rpm 756f217a147ae442b5b60612c42a6e80 httpd-devel-2.0.52-22.ent.ppc.rpm d8f0dd7e832cad4efa48333ed1d649af httpd-manual-2.0.52-22.ent.ppc.rpm 3a466a4bceadf2fcc1994206481062a6 httpd-suexec-2.0.52-22.ent.ppc.rpm a293bf05ecae2c4b192d5ec3dfcbb98d mod_ssl-2.0.52-22.ent.ppc.rpm s390: c9aee197a528745c6c8590f7605b1643 httpd-2.0.52-22.ent.s390.rpm 9f8f303a60b8b52a5a1c4be911df9212 httpd-devel-2.0.52-22.ent.s390.rpm f3107dc3d74f773f21854fc94e2eca2d httpd-manual-2.0.52-22.ent.s390.rpm 4f3d8737a2656298e7b2b867b0f35d2a httpd-suexec-2.0.52-22.ent.s390.rpm e78eb4e3946b778fcd3a8fd650c1cc02 mod_ssl-2.0.52-22.ent.s390.rpm s390x: c175a4c5c89597afd57932e6e08f5755 httpd-2.0.52-22.ent.s390x.rpm f894f7f71f4ab719d09812bb794f37df httpd-devel-2.0.52-22.ent.s390x.rpm da94d5e68605db9f5c4c801e853e60ad httpd-manual-2.0.52-22.ent.s390x.rpm 350bbc702110c42e1cf95787168d63b1 httpd-suexec-2.0.52-22.ent.s390x.rpm 321b95391c4d73b76fb632db96fec976 mod_ssl-2.0.52-22.ent.s390x.rpm x86_64: e0c7651c64d7ba3c4c1e6e5b0296295c httpd-2.0.52-22.ent.x86_64.rpm 95f9a419ba8d943c5a99fc750fc82176 httpd-devel-2.0.52-22.ent.x86_64.rpm f72c3a86cae6f4a2716e27d1e315797c httpd-manual-2.0.52-22.ent.x86_64.rpm dbbd0863f64a60bba95c0bd2164e4d17 httpd-suexec-2.0.52-22.ent.x86_64.rpm 8ee3ac6dff631ffc1d2b645582b35cfb mod_ssl-2.0.52-22.ent.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: <a href=ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/... target=_blank>ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/...</a> 1758c0d1f6326b2f8d77885a351872a1 httpd-2.0.52-22.ent.src.rpm i386: 64b2b544496645ed16ce4e7415b358b0 httpd-2.0.52-22.ent.i386.rpm 7191377bec8fdd54c327830b05f74e7e httpd-devel-2.0.52-22.ent.i386.rpm 5b69c82ad64cee1b4c46e9f814e88286 httpd-manual-2.0.52-22.ent.i386.rpm 4cde89fc87b21feff51d54098fe4ed83 httpd-suexec-2.0.52-22.ent.i386.rpm 97f4a87d758c4b84def3abf53e6293cc mod_ssl-2.0.52-22.ent.i386.rpm x86_64: e0c7651c64d7ba3c4c1e6e5b0296295c httpd-2.0.52-22.ent.x86_64.rpm 95f9a419ba8d943c5a99fc750fc82176 httpd-devel-2.0.52-22.ent.x86_64.rpm f72c3a86cae6f4a2716e27d1e315797c httpd-manual-2.0.52-22.ent.x86_64.rpm dbbd0863f64a60bba95c0bd2164e4d17 httpd-suexec-2.0.52-22.ent.x86_64.rpm 8ee3ac6dff631ffc1d2b645582b35cfb mod_ssl-2.0.52-22. 可使用下列命令安装补丁： rpm -Fvh [文件名]

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™