Apache Chunked encoding vulnerability CAN-2002-0392
---------------------------------------------------

Synopsis
--------

Requests to all versions of Apache 1.3 prior to 1.3.26
can cause various effects ranging from a relatively 
harmless increase in system resources through to denial 
of service attacks and in some cases the ability to be 
remotely exploited.

As Apache-SSL is based on Apache, Apache-SSL is also 
vulnerable.

See Also
--------

http://www.apacheweek.com/features/security-13

Fix
---

Download Apache-SSL 1.3.26+1.48 from the usual places (see
http://www.apache-ssl.org/).

Adam Laurie, June 20, 2002.