CVE-2004-0492

Severity

99%

Complexity

99%

Confidentiality

165%

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 20 years ago

2004-08-06 04:00:00

Last updated 7 years ago

2017-10-11 01:29:00

Affected Software

Apache Software Foundation Apache HTTP Server 1.3.26

1.3.26

Apache Software Foundation Apache HTTP Server 1.3.27

1.3.27

Apache Software Foundation Apache HTTP Server 1.3.28

1.3.28

Apache Software Foundation Apache HTTP Server 1.3.29

1.3.29

Apache Software Foundation Apache HTTP Server 1.3.31

1.3.31

HP Webproxy 2.0

2.0

HP Webproxy 2.1

2.1

IBM IBM HTTP Server 1.3.26

1.3.26

IBM IBM HTTP Server 1.3.26.1

1.3.26.1

IBM IBM HTTP Server 1.3.26.2

1.3.26.2

IBM IBM HTTP Server 1.3.28

1.3.28

SGI ProPack 2.4

2.4

HP VVOS 11.04

11.04

OpenBSD

OpenBSD 3.4

3.4

OpenBSD 3.5

3.5

References

20040605-01-U

20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache)

SSRT090208

RHSA-2004:245

Patch, Vendor Advisory

20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows

11841

101555

101841

57628

DSA-525