Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a short-lived connection on a rarely-accessed listening socket.
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | * | 2.0.49 (including) |
Apache | Ubuntu | dapper | * |
Apache | Ubuntu | edgy | * |
Apache | Ubuntu | feisty | * |
Red Hat Stronghold 4 | RedHat | * |
Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc.