Vulnerability Details : CVE-2008-2364
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
Vulnerability category: Denial of service
Products affected by CVE-2008-2364
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Threat overview for CVE-2008-2364
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2008-2364: 210,762
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2008-2364
- 2.06%: probability of exploitation activity in the next 30 days
- ~82%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-2364
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2008-2364
- The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
  Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-2364
- Red Hat, 2008-06-26: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
- Apache, 2008-07-02: Fixed in Apache HTTP Server 2.2.9. http://httpd.apache.org/security/vulnerabilities_22.html
References for CVE-2008-2364
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
- http://secunia.com/advisories/31026
  About Secunia Research | Flexera (Tags: Not Applicable)
- http://www.securitytracker.com/id?1020267
  GoDaddy Domain Name Search (Tags: Broken Link; Third Party Advisory; VDB Entry)
- http://security.gentoo.org/glsa/glsa-200807-06.xml
  Apache: Denial of service (GLSA 200807-06) — Gentoo security (Tags: Third Party Advisory)
- http://secunia.com/advisories/32838
  About Secunia Research | Flexera (Tags: Not Applicable)
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42987
  Apache HTTP Server mod_proxy module denial of service CVE-2008-2364 Vulnerability Report (Tags: Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:007 - openSUSE Security Announce - openSUSE Mailing Lists (Tags: Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
- https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ te
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1
  (Tags: Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713
  404 Not Found (Tags: Third Party Advisory)
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328
  (Tags: Broken Link)
- http://www.ubuntu.com/usn/USN-731-1
  USN-731-1: Apache vulnerabilities | Ubuntu security notices | Ubuntu (Tags: Third Party Advisory)
- http://marc.info/?l=bugtraq&m=125631037611762&w=2
  '[security bulletin] HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Den' - MARC (Tags: Issue Tracking; Mailing List; Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:237
  Mandriva (Tags: Broken Link)
- http://www.securityfocus.com/bid/29653
  (Tags: Patch; Third Party Advisory; VDB Entry)
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
  (Tags: Broken Link; Mailing List)
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s
- http://www-01.ibm.com/support/docview.wss?uid=swg27008517
  Fix list for IBM HTTP Server V6.1 (Tags: Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:006 - openSUSE Security Announce - openSUSE Mailing Lists (Tags: Mailing List; Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0966.html
  Support (Tags: Third Party Advisory)
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-Apache Mail Archives
- http://secunia.com/advisories/34219
  About Secunia Research | Flexera (Tags: Not Applicable)
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
- http://marc.info/?l=bugtraq&m=123376588623823&w=2
  '[security bulletin] HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Den' - MARC (Tags: Issue Tracking; Mailing List; Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:195
  Mandriva (Tags: Broken Link)
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
- http://www.vupen.com/english/advisories/2009/0320
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Tags: Permissions Required)
- http://secunia.com/advisories/34259
  About Secunia Research | Flexera (Tags: Not Applicable)
- http://www.vupen.com/english/advisories/2008/1798
  Site en construction (Tags: Permissions Required)
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html
  [SECURITY] Fedora 8 Update: httpd-2.2.9-1.fc8 (Tags: Mailing List; Third Party Advisory)
- http://secunia.com/advisories/32685
  About Secunia Research | Flexera (Tags: Not Applicable)
- https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
  Apache Mail Archives
- http://secunia.com/advisories/33156
  About Secunia Research | Flexera (Tags: Not Applicable)
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/-Apache Mail Archives
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html
  [SECURITY] Fedora 9 Update: httpd-2.2.9-1.fc9 (Tags: Mailing List; Third Party Advisory)
- http://secunia.com/advisories/32222
  About Secunia Research | Flexera (Tags: Not Applicable)
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579
  IBM notice: The page you requested cannot be displayed (Tags: Third Party Advisory)
- http://secunia.com/advisories/30621
  About Secunia Research | Flexera (Tags: Not Applicable; Vendor Advisory)
- http://secunia.com/advisories/31416
  About Secunia Research | Flexera (Tags: Not Applicable)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577
  404 Not Found (Tags: Third Party Advisory)
- http://www.vupen.com/english/advisories/2008/2780
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Tags: Permissions Required)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084
  404 Not Found (Tags: Third Party Advisory)
- http://www.securityfocus.com/archive/1/494858/100/0/threaded
  (Tags: Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432
  (Tags: Broken Link)
- http://secunia.com/advisories/31651
  About Secunia Research | Flexera (Tags: Not Applicable)
- http://www.securityfocus.com/archive/1/498567/100/0/threaded
  (Tags: Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
  Apache Mail Archives
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
- https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
  Apache Mail Archives
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
- http://secunia.com/advisories/31904
  About Secunia Research | Flexera (Tags: Not Applicable)
- http://secunia.com/advisories/31404
  About Secunia Research | Flexera (Tags: Not Applicable)
- http://support.apple.com/kb/HT3216
  About Security Update 2008-007 - Apple Support (Tags: Broken Link)
- http://secunia.com/advisories/34418
  About Secunia Research | Flexera (Tags: Not Applicable)
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-Apache Mail Archives
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154
  [Apache-SVN] Diff of /httpd/httpd/trunk/modules/proxy/mod_proxy_http.c (Tags: Patch; Vendor Advisory)
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
- http://www.securityfocus.com/bid/31681
  (Tags: Third Party Advisory; VDB Entry)
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
  Oracle Critical Patch Update - July 2013 (Tags: Third Party Advisory)
- http://secunia.com/advisories/33797
  About Secunia Research | Flexera (Tags: Not Applicable)
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
- http://rhn.redhat.com/errata/RHSA-2008-0967.html
  RHSA-2008:0967 - Security Advisory - Red Hat Customer Portal (Tags: Third Party Advisory)