Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2004-0493
Last Modified 21 Aug 2010 12:20:38
Published 06 Aug 2004 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0493

Summary

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64-bit systems, via long header lines with large numbers of space or tab characters.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4

  • Trustix Secure Linux 1.5

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

Application

  • Apache HTTP Server 2.0.47

  • Apache HTTP Server 2.0.48

  • Apache HTTP Server 2.0.49

  • IBM HTTP Server 2.0.42

  • IBM HTTP Server 2.0.42.1

  • IBM HTTP Server 2.0.42.2

  • IBM HTTP Server 2.0.47

  • IBM HTTP Server 2.0.47.1


References

BID - 10619

XF - apache-apgetmimeheaderscore-dos(16524)

TRUSTIX - 2004-0039

REDHAT - RHSA-2004:342

MISC - http://www.guninski.com/httpd1.html

CONFIRM - http://www.apacheweek.com/features/security-20

GENTOO - GLSA-200407-03

HP - SSRT4777

FULLDISC - 20040628 DoS in apache httpd 2.0.49, yet still apache much better than windows

MANDRAKE - MDKSA-2004:064

BUGTRAQ - 20040629 TSSA-2004-012 - apache


Last Updated: 27 May 2016 10:38:38