ID CVE-2005-2970
Summary Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-10-2018 - 15:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2013-04-29T04:00:49.208-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
family unix
id oval:org.mitre.oval:def:10043
status accepted
submitted 2010-07-09T03:56:16-04:00
title Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
version 30
redhat via4
advisories
rhsa
id RHSA-2006:0159
rpms
  • httpd-0:2.0.46-56.ent
  • httpd-0:2.0.52-22.ent
  • httpd-debuginfo-0:2.0.46-56.ent
  • httpd-debuginfo-0:2.0.52-22.ent
  • httpd-devel-0:2.0.46-56.ent
  • httpd-devel-0:2.0.52-22.ent
  • httpd-manual-0:2.0.52-22.ent
  • httpd-suexec-0:2.0.52-22.ent
  • mod_ssl-1:2.0.46-56.ent
  • mod_ssl-1:2.0.52-22.ent
refmap via4
bid 15762
confirm
fedora
  • FEDORA-2006-052
  • FLSA-2006:175406
mandriva MDKSA-2005:233
mlist
  • [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
sectrack 1015093
secunia
  • 16559
  • 17923
  • 18161
  • 18333
  • 18585
suse SUSE-SR:2005:028
ubuntu USN-225-1
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 19-10-2018 - 15:34
Published 25-10-2005 - 17:06
Last modified 19-10-2018 - 15:34
Back to Top