CVE-1999-0926

Vulnerability

Apache versions 1.2.5 and 1.3.1 are susceptible to a denial of service attack due to a lack of limits on the number of MIME headers that can be included in a client request. While individual headers are limited to 8192 bytes and reading headers is limited to 300 seconds, sending a large quantity of these headers can consume excessive memory and CPU resources [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the Apache server. This request should contain a large number of MIME headers, each close to the 8192-byte limit. The attacker needs network access to the target server and does not require any authentication or user interaction. The exploit involves repeatedly sending these large headers until the server becomes unresponsive or crashes [1].

Impact

Successful exploitation of this vulnerability can lead to a denial of service. The Apache web server or MessageMedia UnityMail application may crash, requiring a restart to restore normal functionality. The attacker gains control over the availability of the service, preventing legitimate users from accessing it [1].

Mitigation

Apache versions 1.3.2-dev and later have implemented limits on the number of MIME headers. No specific patch version or release date for a fix for versions 1.2.5 and 1.3.1 is mentioned in the available references. It is recommended to upgrade to a patched version of Apache once available. No workarounds are currently disclosed in the available references [1].