Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-0492
Last Modified: 06 Sep 2011 09:23:14
Published: 06 Aug 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0492

Summary

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

Vulnerable Systems

Operating System

  • HP VVOS 11.04
  • OpenBSD
  • OpenBSD 3.4
  • OpenBSD 3.5

Application

  • Apache HTTP Server 1.3.26
  • Apache HTTP Server 1.3.27
  • Apache HTTP Server 1.3.28
  • Apache HTTP Server 1.3.29
  • Apache HTTP Server 1.3.31
  • HP VirtualVault 11.0.4
  • HP Webproxy 2.0
  • HP Webproxy 2.1
  • IBM HTTP Server 1.3.26
  • IBM HTTP Server 1.3.26.1
  • IBM HTTP Server 1.3.26.2
  • IBM HTTP Server 1.3.28
  • SGI ProPack 2.4


References

CERT-VN - VU#541310

DEBIAN - DSA-525

REDHAT - RHSA-2004:245

BUGTRAQ - 20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache)

FEDORA - FLSA:1737

XF - apache-modproxy-contentlength-bo(16387)

MISC - http://www.guninski.com/modproxy1.html

SUNALERT - 57628

SUNALERT - 101841

SUNALERT - 101555

SECUNIA - 11841

FULLDISC - 20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows

HP - SSRT090208

HP - HPSBOV02683

SGI - 20040605-01-U

MANDRAKE - MDKSA-2004:065


Last Updated: 27 May 2016 10:38:38