Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0113

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0113
Last Modified 10 Sep 2008 03:25:09
Published 29 Mar 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0113

Summary

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

Vulnerable Systems

Application

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48


References

BID - 9826

XF - apache-modssl-plain-dos(15419)

CONFIRM - http://www.apacheweek.com/features/security-20

MLIST - [apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c

TRUSTIX - 2004-0017

REDHAT - RHSA-2004:182

REDHAT - RHSA-2004:084

OSVDB - 4182

MANDRAKE - MDKSA-2004:043

GENTOO - GLSA-200403-04

HP - SSRT4717

APPLE - APPLE-SA-2004-05-03

BUGTRAQ - 20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48

MISC - http://issues.apache.org/bugzilla/show_bug.cgi?id=27106

CONECTIVA - CLSA-2004:839


Last Updated: 27 May 2016 10:38:28