-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBTU01106     REVISION: 0

SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote Denial of Service (DoS)

NOTICE:
There are no restrictions for distribution of this Bulletin provided that it remains complete and intact.

The information in this Security bulletin should be acted upon as soon as possible.

INITIAL RELEASE:
22 December 2004

POTENTIAL SECURITY IMPACT:
Remote Denial of Service (DoS)

SOURCE:
HEWLETT-PACKARD COMPANY
HP Software Security Response Team

REFERENCES:
CAN-2004-0942

VULNERABILITY SUMMARY:
A potential security vulnerability has been reported in the Secure Web Server (SWS) for Tru64 UNIX (powered by Apache) software distributed with HP Internet Express for Tru64 UNIX (IX). The potential vulnerability is remotely exploitable and can cause a denial of service (DoS) due to high CPU consumption.

SUPPORTED SOFTWARE VERSIONS*:
ONLY impacted versions are listed.

SWS based on Apache 2.0.52 and earlier (IX 6.3 and earlier; SWS standalone versions earlier than 6.3.6a)

BACKGROUND:
For a listing of all HP Tru64 UNIX security patch kits please see the following web site:

http://h30097.www3.hp.com/unix/security-download.html

Until the corrections are available in a mainstream release, HP is providing a patch that resolves the potential SWS vulnerability described in this bulletin.

The corrections are scheduled to be available in the following mainstream release:

HP Internet Express for Tru64 UNIX (IX) version 6.4

RESOLUTION:
The Secure Web Server 6.3.6a for Tru64 UNIX (powered by Apache) kit is available for download at the following site:

http://h30097.www3.hp.com/internet/download.htm

The kit is based on a patched version of Apache 2.0.52.

BULLETIN REVISION HISTORY:
Revision 0 - 22 December 2004
Initial Release

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQcrK5OAfOvwtKn1ZEQKGhwCbBoZFh6qyNAfxbcH5xkw9HuBuP5AAmgNc
6wvDIp51/eDbdHu62x6pWHe6
=ojOH
-----END PGP SIGNATURE-----