ID CVE-2004-0493
Summary The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
References
Vulnerable Configurations
  • Avaya Converged Communications Server 2.0
    cpe:2.3:h:avaya:converged_communications_server:2.0
  • Gentoo Linux 1.4
    cpe:2.3:o:gentoo:linux:1.4
  • Trustix Secure Linux 1.5
    cpe:2.3:o:trustix:secure_linux:1.5
  • Trustix Secure Linux 2.0
    cpe:2.3:o:trustix:secure_linux:2.0
  • Trustix Secure Linux 2.1
    cpe:2.3:o:trustix:secure_linux:2.1
  • Apache Software Foundation Apache HTTP Server 2.0.47
    cpe:2.3:a:apache:http_server:2.0.47
  • Apache Software Foundation Apache HTTP Server 2.0.48
    cpe:2.3:a:apache:http_server:2.0.48
  • Apache Software Foundation Apache HTTP Server 2.0.49
    cpe:2.3:a:apache:http_server:2.0.49
  • IBM IBM HTTP Server 2.0.42
    cpe:2.3:a:ibm:http_server:2.0.42
  • IBM IBM HTTP Server 2.0.42.1
    cpe:2.3:a:ibm:http_server:2.0.42.1
  • IBM IBM HTTP Server 2.0.42.2
    cpe:2.3:a:ibm:http_server:2.0.42.2
  • IBM IBM HTTP Server 2.0.47
    cpe:2.3:a:ibm:http_server:2.0.47
  • IBM IBM HTTP Server 2.0.47.1
    cpe:2.3:a:ibm:http_server:2.0.47.1
  • cpe:2.3:h:avaya:s8300:r2.0.0
    cpe:2.3:h:avaya:s8300:r2.0.0
  • cpe:2.3:h:avaya:s8500:r2.0.0
    cpe:2.3:h:avaya:s8500:r2.0.0
  • cpe:2.3:h:avaya:s8700:r2.0.0
    cpe:2.3:h:avaya:s8700:r2.0.0
CVSS
Base: 6.4 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: PARTIAL
exploit-db via4
  • description Apache HTTPd Arbitrary Long HTTP Headers DoS. CVE-2004-0493. DoS exploits for multiple platform
    id EDB-ID:360
    last seen 2016-01-31
    modified 2004-07-22
    published 2004-07-22
    reporter bkbll
    source https://www.exploit-db.com/download/360/
    title Apache HTTPd Arbitrary Long HTTP Headers DoS
  • description Apache HTTPd Arbitrary Long HTTP Headers DoS (c version). CVE-2004-0493. DoS exploit for linux platform
    id EDB-ID:371
    last seen 2016-01-31
    modified 2004-08-02
    published 2004-08-02
    reporter N/A
    source https://www.exploit-db.com/download/371/
    title Apache HTTPd - Arbitrary Long HTTP Headers DoS C
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200407-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200407-03 (Apache 2: Remote denial of service attack) A bug in the protocol.c file handling header lines will cause Apache to allocate memory for header lines starting with TAB or SPACE. Impact : An attacker can exploit this vulnerability to perform a Denial of Service attack by causing Apache to exhaust all memory. On 64 bit systems with more than 4GB of virtual memory a possible integer signedness error could lead to a buffer based overflow causing Apache to crash and under some circumstances execute arbitrary code as the user running Apache, usually 'apache'. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version:
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 14536
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14536
    title GLSA-200407-03 : Apache 2: Remote denial of service attack
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-342.NASL
    description Updated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A stack-based buffer overflow was discovered in mod_ssl that could be triggered if using the FakeBasicAuth option. If mod_ssl was sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow occurred if FakeBasicAuth had been enabled. In order to exploit this issue the carefully crafted malicious certificate would have had to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue. A remotely triggered memory leak in the Apache HTTP Server earlier than version 2.0.50 was also discovered. This allowed a remote attacker to perform a denial of service attack against the server by forcing it to consume large amounts of memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0493 to this issue. Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12636
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12636
    title RHEL 3 : httpd (RHSA-2004:342)
  • NASL family Web Servers
    NASL id APACHE_INPUT_HEADER_FOLDING_DOS.NASL
    description The remote host appears to be running a version of Apache 2.x that is prior to 2.0.50. It is, therefore, affected by a denial of service vulnerability that can be triggered by sending a specially crafted HTTP request, which results in the consumption of an arbitrary amount of memory. On 64-bit systems with more than 4GB virtual memory, this may lead to a heap based buffer overflow. There is also a denial of service vulnerability in mod_ssl's 'ssl_io_filter_cleanup' function. By sending a request to a vulnerable server over SSL and closing the connection before the server can send a response, an attacker can cause a memory violation that crashes the server.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 12293
    published 2004-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12293
    title Apache 2.x < 2.0.50 Multiple Remote DoS
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-064.NASL
    description A Denial of Service (DoS) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow. The updated packages contain a patch from the ASF to correct the problem. It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ('service httpd stop' and 'service httpd start' respectively).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14163
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14163
    title Mandrake Linux Security Advisory : apache2 (MDKSA-2004:064)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20040907.NASL
    description The remote host is missing Security Update 2004-09-07. This security update fixes the following components : - CoreFoundation - IPSec - Kerberos - libpcap - lukemftpd - NetworkConfig - OpenLDAP - OpenSSH - PPPDialer - rsync - Safari - tcpdump These applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 14676
    published 2004-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14676
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)
oval via4
accepted 2013-04-29T04:07:02.863-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
family unix
id oval:org.mitre.oval:def:10605
status accepted
submitted 2010-07-09T03:56:16-04:00
title The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
version 23
redhat via4
advisories
rhsa
id RHSA-2004:342
refmap via4
bid 10619
bugtraq 20040629 TSSA-2004-012 - apache
confirm http://www.apacheweek.com/features/security-20
fulldisc 20040628 DoS in apache httpd 2.0.49, yet still apache much better than windows
gentoo GLSA-200407-03
hp SSRT4777
mandrake MDKSA-2004:064
misc http://www.guninski.com/httpd1.html
trustix 2004-0039
xf apache-apgetmimeheaderscore-dos(16524)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.50: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 17-10-2016 - 22:45
Published 06-08-2004 - 00:00
Last modified 10-10-2017 - 21:29