CVE Vulnerabilities

CVE-2004-0492

Published: Aug 06, 2004 | Modified: Jun 06, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 1.3.28 1.3.28
Http_server Apache 1.3.29 1.3.29
Http_server Ibm 1.3.26.2 1.3.26.2
Http_server Ibm 1.3.28 1.3.28
Webproxy Hp 2.0 2.0
Webproxy Hp 2.1 2.1
Http_server Apache 1.3.31 1.3.31
Virtualvault Hp 11.0.4 11.0.4
Propack Sgi 2.4 2.4
Http_server Apache 1.3.26 1.3.26
Http_server Apache 1.3.27 1.3.27
Http_server Ibm 1.3.26 1.3.26
Http_server Ibm 1.3.26.1 1.3.26.1
Red Hat Enterprise Linux 2.1 RedHat apache *
Red Hat Enterprise Linux 2.1 RedHat mod_ssl *
Apache Ubuntu dapper *
Apache Ubuntu edgy *
Apache Ubuntu feisty *

References