ID CVE-2004-0493 Type cve Reporter NVD Modified 2017-10-10T21:29:26
Description
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
{"id": "CVE-2004-0493", "bulletinFamily": "NVD", "title": "CVE-2004-0493", "description": "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.", "published": "2004-08-06T00:00:00", "modified": "2017-10-10T21:29:26", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0493", "reporter": "NVD", "references": ["http://www.guninski.com/httpd1.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html", "http://www.securityfocus.com/bid/10619", "http://www.apacheweek.com/features/security-20", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064", "http://marc.info/?l=bugtraq&m=108853066800184&w=2", "http://marc.info/?l=bugtraq&m=109181600614477&w=2", "http://security.gentoo.org/glsa/glsa-200407-03.xml", "http://www.trustix.org/errata/2004/0039/", "https://exchange.xforce.ibmcloud.com/vulnerabilities/16524", "http://www.redhat.com/support/errata/RHSA-2004-342.html"], "cvelist": ["CVE-2004-0493"], "type": "cve", "lastseen": "2017-10-11T11:05:56", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/a:ibm:http_server:2.0.42.1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:apache:http_server:2.0.49", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:ibm:http_server:2.0.42", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:ibm:http_server:2.0.42.2", "cpe:/a:ibm:http_server:2.0.47.1", "cpe:/o:gentoo:linux:1.4", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:ibm:http_server:2.0.47", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:apache:http_server:2.0.47"], "cvelist": ["CVE-2004-0493"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.", "edition": 1, "hash": "6e17a75004d0e79364b44b0fb3a3c328349ed965ba009352e696a394ab8373af", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "90e7b4b62f356e55c5cb3261944139e0", "key": "modified"}, {"hash": "0540f526d5b56f0baa2f693c67e2ffd4", "key": "published"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "cd28e7d7ae3c3f5d9b8d5bc924c1c255", "key": "description"}, {"hash": "2d9e712bec40b9cab21e8e87eeae67b4", "key": "scanner"}, {"hash": "622840d9a17ceeb7962d192c581476b2", "key": "assessment"}, {"hash": "4eedb7a16041634975eeef56ac10ad49", "key": "title"}, {"hash": "1483eedf312795ca8f331fe29c0849f1", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9e4debc94a85436514d87d507dd0900e", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0974b4a570ba67b612bc8c7978b0484b", "key": "href"}, {"hash": "bb2b18e62f74ca06ae309002a3bb49b1", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0493", "id": "CVE-2004-0493", "lastseen": "2016-09-03T04:23:38", "modified": "2010-08-21T00:20:38", "objectVersion": "1.2", "published": "2004-08-06T00:00:00", "references": ["http://www.guninski.com/httpd1.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html", "http://www.securityfocus.com/bid/10619", "http://marc.theaimsgroup.com/?l=bugtraq&m=108853066800184&w=2", "http://www.apacheweek.com/features/security-20", "http://xforce.iss.net/xforce/xfdb/16524", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064", "http://security.gentoo.org/glsa/glsa-200407-03.xml", "http://marc.theaimsgroup.com/?l=bugtraq&m=109181600614477&w=2", "http://www.trustix.org/errata/2004/0039/", "http://www.redhat.com/support/errata/RHSA-2004-342.html"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2004-0493", "type": "cve", "viewCount": 1}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T04:23:38"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/a:ibm:http_server:2.0.42.1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:apache:http_server:2.0.49", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:ibm:http_server:2.0.42", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:ibm:http_server:2.0.42.2", "cpe:/a:ibm:http_server:2.0.47.1", "cpe:/o:gentoo:linux:1.4", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:ibm:http_server:2.0.47", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:apache:http_server:2.0.47"], "cvelist": ["CVE-2004-0493"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.", "edition": 3, "enchantments": {}, "hash": "482e1c1a037d4243a90431cfe545a745cf00cfe4f7483dc99d44c1b9d6f6b12e", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "0540f526d5b56f0baa2f693c67e2ffd4", "key": "published"}, {"hash": "6277aaef99c297b5130d9367be6629b1", "key": "modified"}, {"hash": "cd28e7d7ae3c3f5d9b8d5bc924c1c255", "key": "description"}, {"hash": "2d9e712bec40b9cab21e8e87eeae67b4", "key": "scanner"}, {"hash": "622840d9a17ceeb7962d192c581476b2", "key": "assessment"}, {"hash": "4eedb7a16041634975eeef56ac10ad49", "key": "title"}, {"hash": "1483eedf312795ca8f331fe29c0849f1", "key": "cvelist"}, {"hash": "3b6b8afbf581482ea55875e912df3561", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0974b4a570ba67b612bc8c7978b0484b", "key": "href"}, {"hash": "bb2b18e62f74ca06ae309002a3bb49b1", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0493", "id": "CVE-2004-0493", "lastseen": "2017-07-11T11:14:26", "modified": "2017-07-10T21:30:12", "objectVersion": "1.3", "published": "2004-08-06T00:00:00", "references": ["http://www.guninski.com/httpd1.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html", "http://www.securityfocus.com/bid/10619", "http://www.apacheweek.com/features/security-20", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064", "http://marc.info/?l=bugtraq&m=108853066800184&w=2", "http://marc.info/?l=bugtraq&m=109181600614477&w=2", "http://security.gentoo.org/glsa/glsa-200407-03.xml", "http://www.trustix.org/errata/2004/0039/", "https://exchange.xforce.ibmcloud.com/vulnerabilities/16524", "http://www.redhat.com/support/errata/RHSA-2004-342.html"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2004-0493", "type": "cve", "viewCount": 3}, "differentElements": ["assessment", "modified"], "edition": 3, "lastseen": "2017-07-11T11:14:26"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/a:ibm:http_server:2.0.42.1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:apache:http_server:2.0.49", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:ibm:http_server:2.0.42", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:ibm:http_server:2.0.42.2", "cpe:/a:ibm:http_server:2.0.47.1", "cpe:/o:gentoo:linux:1.4", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:ibm:http_server:2.0.47", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:apache:http_server:2.0.47"], "cvelist": ["CVE-2004-0493"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.", "edition": 2, "enchantments": {}, "hash": "7c3e0e21df111547cef4ea469c9b478725473bc9eb259c0b2ee8a514e3c51e33", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "0540f526d5b56f0baa2f693c67e2ffd4", "key": "published"}, {"hash": "cd28e7d7ae3c3f5d9b8d5bc924c1c255", "key": "description"}, {"hash": "2d9e712bec40b9cab21e8e87eeae67b4", "key": "scanner"}, {"hash": "622840d9a17ceeb7962d192c581476b2", "key": "assessment"}, {"hash": "4eedb7a16041634975eeef56ac10ad49", "key": "title"}, {"hash": "57ab6b98985ca2a89a2dd9d8fce6f137", "key": "modified"}, {"hash": "1483eedf312795ca8f331fe29c0849f1", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0974b4a570ba67b612bc8c7978b0484b", "key": "href"}, {"hash": "9a58918c4186a97b239eef687d61fbfa", "key": "references"}, {"hash": "bb2b18e62f74ca06ae309002a3bb49b1", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0493", "id": "CVE-2004-0493", "lastseen": "2017-04-18T15:50:17", "modified": "2016-10-17T22:45:44", "objectVersion": "1.2", "published": "2004-08-06T00:00:00", "references": ["http://www.guninski.com/httpd1.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html", "http://www.securityfocus.com/bid/10619", "http://www.apacheweek.com/features/security-20", "http://xforce.iss.net/xforce/xfdb/16524", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064", "http://marc.info/?l=bugtraq&m=108853066800184&w=2", "http://marc.info/?l=bugtraq&m=109181600614477&w=2", "http://security.gentoo.org/glsa/glsa-200407-03.xml", "http://www.trustix.org/errata/2004/0039/", "http://www.redhat.com/support/errata/RHSA-2004-342.html"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2004-0493", "type": "cve", "viewCount": 2}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:50:17"}], "edition": 4, "hashmap": [{"key": "assessment", "hash": "593bd42eb5a4dac7ad4a035d78307be3"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "bb2b18e62f74ca06ae309002a3bb49b1"}, {"key": "cvelist", "hash": "1483eedf312795ca8f331fe29c0849f1"}, {"key": "cvss", "hash": "956b0cce3d9454921494ef535bcdf2a4"}, {"key": "description", "hash": "cd28e7d7ae3c3f5d9b8d5bc924c1c255"}, {"key": "href", "hash": "0974b4a570ba67b612bc8c7978b0484b"}, {"key": "modified", "hash": "c61e6bb565b4c96b57b332a7218154d8"}, {"key": "published", "hash": "0540f526d5b56f0baa2f693c67e2ffd4"}, {"key": "references", "hash": "3b6b8afbf581482ea55875e912df3561"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "2d9e712bec40b9cab21e8e87eeae67b4"}, {"key": "title", "hash": "4eedb7a16041634975eeef56ac10ad49"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "1a02efc72a7075b6cabf5fd5adab3f15ab83c59d9c39b39ac1773fee14ba87e1", "viewCount": 3, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/a:ibm:http_server:2.0.42.1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:apache:http_server:2.0.49", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:ibm:http_server:2.0.42", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:ibm:http_server:2.0.42.2", "cpe:/a:ibm:http_server:2.0.47.1", "cpe:/o:gentoo:linux:1.4", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:ibm:http_server:2.0.47", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:apache:http_server:2.0.47"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}]}
{"result": {"httpd": [{"id": "HTTPD:3C611CFBC257124CABFC3F9D43E0FB40", "type": "httpd", "title": "Apache Httpd < 2.0.50: Header parsing memory leak", "description": "\n\nA memory leak in parsing of HTTP headers which can be triggered\nremotely may allow a denial of service attack due to excessive memory\nconsumption.\n\n", "published": "2004-06-13T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://httpd.apache.org/security_report.html", "cvelist": ["CVE-2004-0493"], "lastseen": "2016-09-26T21:39:38"}, {"id": "HTTPD:716DC8755E794DA060B129F86E2DA830", "type": "httpd", "title": "Apache Httpd < None: Header parsing memory leak", "description": "\n\nA memory leak in parsing of HTTP headers which can be triggered\nremotely may allow a denial of service attack due to excessive memory\nconsumption.\n\n", "published": "2004-06-13T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://httpd.apache.org/security_report.html", "cvelist": ["CVE-2004-0493"], "lastseen": "2018-04-11T18:10:29"}], "nessus": [{"id": "MANDRAKE_MDKSA-2004-064.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : apache2 (MDKSA-2004:064)", "description": "A Denial of Service (Dos) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow.\n\nThe updated packages contain a patch from the ASF to correct the problem.\n\nIt is recommended that you stop Apache prior to updating and then restart it again once the update is complete ('service httpd stop' and 'service httpd start' respectively).", "published": "2004-07-31T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14163", "cvelist": ["CVE-2004-0493"], "lastseen": "2017-10-29T13:43:11"}, {"id": "GENTOO_GLSA-200407-03.NASL", "type": "nessus", "title": "GLSA-200407-03 : Apache 2: Remote denial of service attack", "description": "The remote host is affected by the vulnerability described in GLSA-200407-03 (Apache 2: Remote denial of service attack)\n\n A bug in the protocol.c file handling header lines will cause Apache to allocate memory for header lines starting with TAB or SPACE.\n Impact :\n\n An attacker can exploit this vulnerability to perform a Denial of Service attack by causing Apache to exhaust all memory. On 64 bit systems with more than 4GB of virtual memory a possible integer signedness error could lead to a buffer based overflow causing Apache to crash and under some circumstances execute arbitrary code as the user running Apache, usually 'apache'.\n Workaround :\n\n There is no known workaround at this time. All users are encouraged to upgrade to the latest available version:", "published": "2004-08-30T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14536", "cvelist": ["CVE-2004-0493"], "lastseen": "2017-10-29T13:35:45"}, {"id": "APACHE_INPUT_HEADER_FOLDING_DOS.NASL", "type": "nessus", "title": "Apache 2.x < 2.0.50 Multiple Remote DoS", "description": "The remote host appears to be running a version of Apache 2.x that is prior to 2.0.50. It is, therefore, affected by a denial of service vulnerability that can be triggered by sending a specially crafted HTTP request, which results in the consumption of an arbitrary amount of memory. On 64-bit systems with more than 4GB virtual memory, this may lead to a heap based buffer overflow.\n\nThere is also a denial of service vulnerability in mod_ssl's 'ssl_io_filter_cleanup' function. By sending a request to a vulnerable server over SSL and closing the connection before the server can send a response, an attacker can cause a memory violation that crashes the server.", "published": "2004-06-29T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12293", "cvelist": ["CVE-2004-0493", "CVE-2004-0748"], "lastseen": "2018-01-23T23:06:42"}, {"id": "REDHAT-RHSA-2004-342.NASL", "type": "nessus", "title": "RHEL 3 : httpd (RHSA-2004:342)", "description": "Updated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.\n\nA stack-based buffer overflow was discovered in mod_ssl that could be triggered if using the FakeBasicAuth option. If mod_ssl was sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow occured if FakeBasicAuth had been enabled. In order to exploit this issue the carefully crafted malicious certificate would have had to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue.\n\nA remotely triggered memory leak in the Apache HTTP Server earlier than version 2.0.50 was also discovered. This allowed a remote attacker to perform a denial of service attack against the server by forcing it to consume large amounts of memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0493 to this issue.\n\nUsers of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.", "published": "2004-07-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12636", "cvelist": ["CVE-2004-0493", "CVE-2004-0488"], "lastseen": "2017-10-29T13:35:42"}, {"id": "MACOSX_SECUPD20040907.NASL", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)", "description": "The remote host is missing Security Update 2004-09-07. This security update fixes the following components :\n\n - CoreFoundation\n - IPSec\n - Kerberos\n - libpcap\n - lukemftpd\n - NetworkConfig\n - OpenLDAP\n - OpenSSH\n - PPPDialer\n - rsync\n - Safari\n - tcpdump\n\nThese applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.", "published": "2004-09-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14676", "cvelist": ["CVE-2004-0825", "CVE-2004-0824", "CVE-2004-0184", "CVE-2004-0794", "CVE-2004-0183", "CVE-2004-0493", "CVE-2004-0823", "CVE-2004-0361", "CVE-2004-0822", "CVE-2004-0607", "CVE-2004-0523", "CVE-2004-0426", "CVE-2004-0488", "CVE-2004-0821", "CVE-2004-0175", "CVE-2004-0521", "CVE-2004-0720"], "lastseen": "2017-11-06T22:52:02"}], "openvas": [{"id": "OPENVAS:136141256231012293", "type": "openvas", "title": "Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities", "description": "The remote host appears to be running a version of Apache 2.x which is\n older than 2.0.50.", "published": "2005-11-03T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231012293", "cvelist": ["CVE-2004-0493"], "lastseen": "2018-03-28T17:06:14"}, {"id": "OPENVAS:12293", "type": "openvas", "title": "Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities", "description": "The remote host appears to be running a version of Apache 2.x which is\nolder than 2.0.50. \n\nThere is denial of service in apache httpd 2.0.x by sending a\nspecially crafted HTTP request. It is possible to consume arbitrary\namount of memory. On 64 bit systems with more than 4GB virtual memory\nthis may lead to heap based buffer overflow. See also\nhttp://www.guninski.com/httpd1.html\n\nThere is also a denial of service vulnerability in mod_ssl's\nssl_io_filter_cleanup function. By sending a request to vulnerable\nserver over SSL and closing the connection before the server can send\na response, an attacker can cause a memory violation that crashes the\nserver.", "published": "2005-11-03T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=12293", "cvelist": ["CVE-2004-0493"], "lastseen": "2017-12-08T11:44:09"}, {"id": "OPENVAS:54610", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200407-03 (Apache)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200407-03.", "published": "2008-09-24T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54610", "cvelist": ["CVE-2004-0493"], "lastseen": "2017-07-24T12:49:57"}, {"id": "OPENVAS:1361412562310835148", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX01064", "description": "Check for the Version of Apache", "published": "2009-05-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835148", "cvelist": ["CVE-2004-0493", "CVE-2004-0595", "CVE-2004-0488", "CVE-2004-0594"], "lastseen": "2018-04-09T11:40:13"}, {"id": "OPENVAS:835148", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX01064", "description": "Check for the Version of Apache", "published": "2009-05-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=835148", "cvelist": ["CVE-2004-0493", "CVE-2004-0595", "CVE-2004-0488", "CVE-2004-0594"], "lastseen": "2017-07-24T12:56:40"}], "exploitdb": [{"id": "EDB-ID:371", "type": "exploitdb", "title": "Apache HTTPd - Arbitrary Long HTTP Headers DoS C", "description": "Apache HTTPd Arbitrary Long HTTP Headers DoS (c version). CVE-2004-0493. Dos exploit for linux platform", "published": "2004-08-02T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/371/", "cvelist": ["CVE-2004-0493"], "lastseen": "2016-01-31T12:15:58"}, {"id": "EDB-ID:360", "type": "exploitdb", "title": "Apache HTTPd Arbitrary Long HTTP Headers DoS", "description": "Apache HTTPd Arbitrary Long HTTP Headers DoS. CVE-2004-0493. Dos exploits for multiple platform", "published": "2004-07-22T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/360/", "cvelist": ["CVE-2004-0493"], "lastseen": "2016-01-31T12:14:38"}], "gentoo": [{"id": "GLSA-200407-03", "type": "gentoo", "title": "Apache 2: Remote denial of service attack", "description": "### Background\n\nThe Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. \n\n### Description\n\nA bug in the protocol.c file handling header lines will cause Apache to allocate memory for header lines starting with TAB or SPACE. \n\n### Impact\n\nAn attacker can exploit this vulnerability to perform a Denial of Service attack by causing Apache to exhaust all memory. On 64 bit systems with more than 4GB of virtual memory a possible integer signedness error could lead to a buffer based overflow causing Apache to crash and under some circumstances execute arbitrary code as the user running Apache, usually \"apache\". \n\n### Workaround\n\nThere is no known workaround at this time. All users are encouraged to upgrade to the latest available version: \n\n### Resolution\n\nApache 2 users should upgrade to the latest version of Apache: \n \n \n # emerge sync\n \n # emerge -pv \">=www-servers/apache-2.0.49-r4\"\n # emerge \">=www-servers/apache-2.0.49-r4\"", "published": "2004-07-04T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200407-03", "cvelist": ["CVE-2004-0493"], "lastseen": "2016-09-06T19:46:15"}], "osvdb": [{"id": "OSVDB:7269", "type": "osvdb", "title": "Multiple HTTP Server Input Header Folding DoS", "description": "## Vulnerability Description\nApache contains a flaw that may allow a remote denial of service. The issue is triggered when overly long header lines starting with either a TAB or SPACE character are processed by the \"ap_get_mime_headers_core()\" function, and will result in loss of availability for the service.\n## Solution Description\nUpgrade to version 2.0.50 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nApache contains a flaw that may allow a remote denial of service. The issue is triggered when overly long header lines starting with either a TAB or SPACE character are processed by the \"ap_get_mime_headers_core()\" function, and will result in loss of availability for the service.\n## References:\nVendor URL: http://www.apachefriends.org/en/xampp-linux.html\nVendor URL: http://www.apache.org\nVendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg24007451\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200407-03.xml)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21174271&loc=en_US&cs=utf-8&lang=en+en)\nSecurity Tracker: 1010599\nSecurity Tracker: 1010621\n[Secunia Advisory ID:11967](https://secuniaresearch.flexerasoftware.com/advisories/11967/)\n[Secunia Advisory ID:12004](https://secuniaresearch.flexerasoftware.com/advisories/12004/)\n[Secunia Advisory ID:12244](https://secuniaresearch.flexerasoftware.com/advisories/12244/)\n[Secunia Advisory ID:11956](https://secuniaresearch.flexerasoftware.com/advisories/11956/)\n[Secunia Advisory ID:12098](https://secuniaresearch.flexerasoftware.com/advisories/12098/)\n[Secunia Advisory ID:12023](https://secuniaresearch.flexerasoftware.com/advisories/12023/)\n[Secunia Advisory ID:12181](https://secuniaresearch.flexerasoftware.com/advisories/12181/)\n[Secunia Advisory ID:12646](https://secuniaresearch.flexerasoftware.com/advisories/12646/)\nOther Advisory URL: http://www.guninski.com/httpd1.html\nOther Advisory URL: http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01064\nOther Advisory URL: http://www.apacheweek.com/features/security-20\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-342.html\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:064\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868\n[Nessus Plugin ID:12293](https://vulners.com/search?query=pluginID:12293)\n[Nessus Plugin ID:14536](https://vulners.com/search?query=pluginID:14536)\n[Nessus Plugin ID:14163](https://vulners.com/search?query=pluginID:14163)\nGeneric Exploit URL: http://www.securiteam.com/exploits/5TP0Q0ADFO.html\n[CVE-2004-0493](https://vulners.com/cve/CVE-2004-0493)\n", "published": "2004-06-28T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:7269", "cvelist": ["CVE-2004-0493"], "lastseen": "2017-04-28T13:20:02"}], "redhat": [{"id": "RHSA-2004:342", "type": "redhat", "title": "(RHSA-2004:342) httpd security update", "description": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nA stack buffer overflow was discovered in mod_ssl that could be triggered\nif using the FakeBasicAuth option. If mod_ssl was sent a client certificate\nwith a subject DN field longer than 6000 characters, a stack overflow\noccured if FakeBasicAuth had been enabled. In order to exploit this issue\nthe carefully crafted malicious certificate would have had to be signed by\na Certificate Authority which mod_ssl is configured to trust. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0488 to this issue.\n\nA remotely triggered memory leak in the Apache HTTP Server earlier than\nversion 2.0.50 was also discovered. This allowed a remote attacker to\nperform a denial of service attack against the server by forcing it to\nconsume large amounts of memory. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2004-0493 to this issue.\n\nUsers of the Apache HTTP server should upgrade to these updated packages,\nwhich contain backported patches that address these issues.", "published": "2004-07-06T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2004:342", "cvelist": ["CVE-2004-0488", "CVE-2004-0493"], "lastseen": "2017-08-02T22:57:43"}, {"id": "RHSA-2004:392", "type": "redhat", "title": "(RHSA-2004:392) php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP server.\n\nStefan Esser discovered a flaw when memory_limit is enabled in versions of\nPHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to\nallocate more memory than the memory_limit setting before script execution\nbegins, then the attacker may be able to supply the contents of a PHP hash\ntable remotely. This hash table could then be used to execute arbitrary\ncode as the 'apache' user. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0594 to this issue.\n\nThis issue has a higher risk when PHP is running on an instance of Apache\nwhich is vulnerable to CAN-2004-0493. For Red Hat Enterprise Linux 3, this\nApache memory exhaustion issue was fixed by a previous update,\nRHSA-2004:342. It may also be possible to exploit this issue if using a\nnon-default PHP configuration with the \"register_defaults\" setting is\nchanged to \"On\". Red Hat does not believe that this flaw is exploitable in\nthe default configuration of Red Hat Enterprise Linux 3.\n\nStefan Esser discovered a flaw in the strip_tags function in versions of\nPHP before 4.3.8. The strip_tags function is commonly used by PHP scripts\nto prevent Cross-Site-Scripting attacks by removing HTML tags from\nuser-supplied form data. By embedding NUL bytes into form data, HTML tags\ncan in some cases be passed intact through the strip_tags function, which\nmay allow a Cross-Site-Scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to\nthis issue. \n\nAll users of PHP are advised to upgrade to these updated packages, which\ncontain backported patches that address these issues.", "published": "2004-07-19T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2004:392", "cvelist": ["CVE-2004-0493", "CVE-2004-0594", "CVE-2004-0595"], "lastseen": "2017-08-02T22:57:49"}], "suse": [{"id": "SUSE-SA:2004:021", "type": "suse", "title": "remote code execution in php4/mod_php4", "description": "PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the \"memory_limit\" handling of PHP which allows remote attackers to execute arbitrary code as the user running the PHP interpreter. This problem has been fixed. Additionally a problem within the \"strip_tags\" function has been found and fixed which allowed remote attackers to inject arbitrary tags into certain web browsers, issuing XSS related attacks. Since there is no easy workaround except disabling PHP, we recommend an update for users running the PHP interpreter within the apache web server.", "published": "2004-07-16T12:43:18", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-07/msg00004.html", "cvelist": ["CVE-2004-0493", "CVE-2004-0398", "CVE-2004-0595", "CVE-2004-0179", "CVE-2004-0594"], "lastseen": "2016-09-04T11:22:50"}]}}
