5741 matches found
CVE-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64-bit systems, via long header lines with large numbers of space or tab characters...
DEBIAN-CVE-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64-bit systems, via long header lines with large numbers of space or tab characters...
Apache Httpd < 2.0.51 : Environment variable expansion flaw
A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...
Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
Exploit for linux platform in category dos / poc.
Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
No description provided by source.
Mandrake Linux Security Advisory : apache2 (MDKSA-2003:096-1)
A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write call in...
Fedora Core 2 : httpd-2.0.50-2.1 (2004-204)
This update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak (CVE-2004-0493), and a buffer overflow in mod_ssl which can be triggered only by a trusted client certificate with a long subject DN field (CVE-2004-0488). Note that...
Fedora Core 1 : httpd-2.0.49-1.1 (2004-117)
This update includes the latest stable release of Apache httpd 2.0, including a security fix for a memory leak in mod_ssl which can be triggered remotely (CVE-2004-0113), and a fix for escaping of error log output (CVE-2003-0020). This update also includes an enhanced version of the mod_cgi module whic...
Fedora Core 1 : httpd-2.0.48-1.2 (2003-004)
This update includes the latest stable release of Apache httpd 2.0, including a fix for the security issue CVE-2003-0542, a buffer overflow in the parsing of configuration files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
Fedora Core 1 : httpd-2.0.50-1.0 (2004-203)
This update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak (CVE-2004-0493), and a buffer overflow in mod_ssl which can be triggered only by a trusted client certificate with a long subject DN field (CVE-2004-0488). Note that...
Apache HTTPd Arbitrary Long HTTP Headers DoS
Exploit for unknown platform in category dos / poc. Perl exploit for the Apache ap_get_mime_headers_core vulnerability; the advisory is here: http://www.guninski.com/httpd1.html...
Apache Httpd < 2.0.51 : Malicious SSL proxy can cause crash
An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue ...
Apache Httpd < 2.0.51 : SSL connection infinite loop
An issue was discovered in the mod_ssl module in Apache 2.0. A remote attacker who forces an SSL connection to be aborted in a particular state may cause an Apache child process to enter an infinite loop, consuming CPU resources...
RHEL 2.1 : mod_ssl (RHSA-2002:136)
Updated mod_ssl packages are now available for Red Hat Advanced Server. These updates incorporate a fix for an incorrect bounds check in versions of mod_ssl up to and including version 2.8.9. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) a...
CVE-2004-0493
The CVE-2004-0493 entry relates to Apache httpd 2.0.x prior to 2.0.50, where long MIME header lines with excessive spaces/tabs can cause memory exhaustion and, on 64-bit systems, a potential heap-based buffer overflow. Connected advisories confirm DoS concerns across Apache 2.0.x and related modu...
Apache Httpd < 2.0.50 : Header parsing memory leak
A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption...
[Full-Disclosure] [RHSA-2004:182-01] Updated httpd packages fix mod_ssl security issue
Red Hat Security Advisory. Synopsis: Updated httpd packages fix mod_ssl security issue. Advisory ID: RHSA-2004:182-01. Issue date: 2004-04-30. Updated on: 2004-04-30. Product: Red Hat...