ID CVE-2004-0492
Summary Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 1.3.26
    cpe:2.3:a:apache:http_server:1.3.26
  • Apache Software Foundation Apache HTTP Server 1.3.27
    cpe:2.3:a:apache:http_server:1.3.27
  • Apache Software Foundation Apache HTTP Server 1.3.28
    cpe:2.3:a:apache:http_server:1.3.28
  • Apache Software Foundation Apache HTTP Server 1.3.29
    cpe:2.3:a:apache:http_server:1.3.29
  • Apache Software Foundation Apache HTTP Server 1.3.31
    cpe:2.3:a:apache:http_server:1.3.31
  • cpe:2.3:a:hp:virtualvault:11.0.4
    cpe:2.3:a:hp:virtualvault:11.0.4
  • HP Webproxy 2.0
    cpe:2.3:a:hp:webproxy:2.0
  • HP Webproxy 2.1
    cpe:2.3:a:hp:webproxy:2.1
  • IBM IBM HTTP Server 1.3.26
    cpe:2.3:a:ibm:http_server:1.3.26
  • IBM IBM HTTP Server 1.3.26.1
    cpe:2.3:a:ibm:http_server:1.3.26.1
  • IBM IBM HTTP Server 1.3.26.2
    cpe:2.3:a:ibm:http_server:1.3.26.2
  • IBM IBM HTTP Server 1.3.28
    cpe:2.3:a:ibm:http_server:1.3.28
  • SGI ProPack 2.4
    cpe:2.3:a:sgi:propack:2.4
  • HP VVOS 11.04
    cpe:2.3:o:hp:vvos:11.04
  • OpenBSD
    cpe:2.3:o:openbsd:openbsd
  • OpenBSD 3.4
    cpe:2.3:o:openbsd:openbsd:3.4
  • OpenBSD 3.5
    cpe:2.3:o:openbsd:openbsd:3.5
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20041202.NASL
    description The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 15898
    published 2004-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15898
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_116973.NASL
    description SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 15482
    published 2004-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15482
    title Solaris 8 (sparc) : 116973-07
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-525.NASL
    description Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy module, whereby a remote user could potentially cause arbitrary code to be executed with the privileges of an Apache httpd child process (by default, user www-data). Note that this bug is only exploitable if the mod_proxy module is in use. Note that this bug exists in a module in the apache-common package, shared by apache, apache-ssl and apache-perl, so this update is sufficient to correct the bug for all three builds of Apache httpd. However, on systems using apache-ssl or apache-perl, httpd will not automatically be restarted.
    last seen 2019-01-16
    modified 2018-07-20
    plugin id 15362
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15362
    title Debian DSA-525-1 : apache - buffer overflow
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114145.NASL
    description SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13593
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13593
    title Solaris 9 (x86) : 114145-12
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_APACHE_1331_6_MOD_PROXY.NASL
    description The following package needs to be updated: apache13+ipv6
    last seen 2016-09-26
    modified 2004-09-28
    plugin id 14845
    published 2004-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14845
    title FreeBSD : apache -- heap overflow in mod_proxy (10)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-065.NASL
    description A buffer overflow vulnerability was found by Georgi Guninski in Apache's mod_proxy module, which can be exploited by a remote user to potentially execute arbitrary code with the privileges of an httpd child process (user apache). This can only be exploited, however, if mod_proxy is actually in use. It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ('service httpd stop' and 'service httpd start' respectively).
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 14164
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14164
    title Mandrake Linux Security Advisory : apache (MDKSA-2004:065)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CA6C8F350A5F11D9AD6F00061BC2AD93.NASL
    description A buffer overflow exists in mod_proxy which may allow an attacker to launch local DoS attacks and possibly execute arbitrary code.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 36428
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36428
    title FreeBSD : apache -- heap overflow in mod_proxy (ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-299-01.NASL
    description New apache and mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. Apache has been upgraded to version 1.3.32 which fixes a heap-based buffer overflow in mod_proxy. mod_ssl was upgraded from version mod_ssl-2.8.19-1.3.31 to version 2.8.21-1.3.32 which corrects a flaw allowing a client to use a cipher which the server does not consider secure enough. A new PHP package (php-4.3.9) is also available for all of these platforms.
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 18793
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18793
    title Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : apache, mod_ssl, php (SSA:2004-299-01)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_113146.NASL
    description SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13530
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13530
    title Solaris 9 (sparc) : 113146-13
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_116974.NASL
    description SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 15483
    published 2004-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15483
    title Solaris 8 (x86) : 116974-07
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-245.NASL
    description Updated httpd and mod_ssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue, an attacker would need an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0492 to this issue. On Red Hat Enterprise Linux platforms Red Hat believes this issue cannot lead to remote code execution. This issue also does not represent a Denial of Service attack as requests will continue to be handled by other Apache child processes. A stack-based buffer overflow was discovered in mod_ssl which can be triggered if using the FakeBasicAuth option. If mod_ssl is sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow can occur if FakeBasicAuth has been enabled. In order to exploit this issue the carefully crafted malicious certificate would have to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue. This update also fixes a DNS handling bug in mod_proxy. The mod_auth_digest module is now included in the Apache package and should be used instead of mod_digest for sites requiring Digest authentication. Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade to these erratum packages, which contain Apache version 1.3.27 with backported patches correcting these issues.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 12506
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12506
    title RHEL 2.1 : apache, mod_ssl (RHSA-2004:245)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200406-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200406-16 (Apache 1.3: Buffer overflow in mod_proxy) A bug in the proxy_util.c file may lead to a remote buffer overflow. To trigger the vulnerability an attacker would have to get mod_proxy to connect to a malicious server which returns an invalid (negative) Content-Length. Impact : An attacker could cause a Denial of Service as the Apache child handling the request, which will die and under some circumstances execute arbitrary code as the user running Apache, usually 'apache'. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version:
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 14527
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14527
    title GLSA-200406-16 : Apache 1.3: Buffer overflow in mod_proxy
  • NASL family Web Servers
    NASL id APACHE_MOD_PROXY_BUFF_OVERFLOW.NASL
    description The remote web server appears to be running a version of Apache that is older than version 1.3.32. This version is reportedly vulnerable to a heap-based buffer overflow in proxy_util.c for mod_proxy. This issue may lead remote attackers to cause a denial of service and possibly execute arbitrary code on the server.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 15555
    published 2004-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15555
    title Apache mod_proxy Content-Length Overflow
oval via4
  • accepted 2008-11-24T04:00:08.014-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
    family unix
    id oval:org.mitre.oval:def:100112
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Apache mod_proxy Content-Length Header Buffer Overflow
    version 32
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    • name Brian Soby
      organization The MITRE Corporation
    description Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
    family unix
    id oval:org.mitre.oval:def:4863
    status accepted
    submitted 2004-10-14T01:12:00.000-04:00
    title Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow
    version 31
redhat via4
advisories
  • rhsa
    id RHSA-2004:245
refmap via4
bugtraq 20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache)
cert-vn VU#541310
debian DSA-525
fedora FLSA:1737
fulldisc 20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows
hp
  • HPSBOV02683
  • SSRT090208
mandrake MDKSA-2004:065
misc http://www.guninski.com/modproxy1.html
secunia 11841
sgi 20040605-01-U
sunalert
  • 101555
  • 101841
  • 57628
xf apache-modproxy-contentlength-bo(16387)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 1.3.32: http://httpd.apache.org/security/vulnerabilities_13.html
Last major update 17-10-2016 - 22:45
Published 06-08-2004 - 00:00
Last modified 10-10-2017 - 21:29