| Date issued | 2002-06-28 |
| Revision history | FSC-2002-3.1 - 2002-06-28 |
| Risk factor | High (Low/Medium/High/Critical) |
| Brief description | Apache 1.3 through 1.3.24 may allow remote attackers to execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. Exploits are publicly available that claim to allow the execution of arbitrary code. |
| Affected software | F-Secure Policy Manager |
| Affected versions | 5.10 build 7 and previous |
| Affected platforms | All supported platforms |
| Bulletin location | http://www.F-Secure.com/support/security/fsc-2002-3.shtml |
Solution:
F-Secure acknowledges that F-Secure Policy Manager Server is vulnerable and recommends that all its users
upgrade to F-Secure Policy Manager 5.10 build 8.
You can download the corrected version from here:
Policy Manager Webclub
We apologize for any inconvenience this may cause.
FAQ:
Is this a serious vulnerability?
Yes. Requests to all versions of Apache 1.3 can cause various effects, ranging from a relatively harmless
increase in system resource usage through to denial of service and, in some cases, remote
exploitation.
Can you give me an example of when my server is in danger?
If you do not upgrade to the latest version of FSPMS (5.10 build 8), your server might be vulnerable to
attackers running programmes on it after they have successfully exploited the security problem.
Do you have any reports on systems that were hacked because of this vulnerability?
No. This vulnerability was published only shortly before the fix was made available.