CVE-2004-0492
Summary
| CVE | CVE-2004-0492 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-08-06 04:00:00 UTC |
| Updated | 2023-11-07 01:56:00 UTC |
| Description | Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Http Server | 1.3.26 | All | All | All |
| Application | Apache | Http Server | 1.3.27 | All | All | All |
| Application | Apache | Http Server | 1.3.28 | All | All | All |
| Application | Apache | Http Server | 1.3.29 | All | All | All |
| Application | Apache | Http Server | 1.3.31 | All | All | All |
| Application | Hp | Virtualvault | 11.0.4 | All | All | All |
| Operating System | Hp | Vvos | 11.04 | All | All | All |
| Application | Hp | Webproxy | 2.0 | All | All | All |
| Application | Hp | Webproxy | 2.1 | All | All | All |
| Application | Ibm | Http Server | 1.3.26 | All | All | All |
| Application | Ibm | Http Server | 1.3.26.1 | All | All | All |
| Application | Ibm | Http Server | 1.3.26.2 | All | All | All |
| Application | Ibm | Http Server | 1.3.28 | All | All | All |
| Operating System | Openbsd | Openbsd | All | All | All | All |
| Operating System | Openbsd | Openbsd | 3.4 | All | All | All |
| Operating System | Openbsd | Openbsd | 3.5 | All | All | All |
| Application | Sgi | Propack | 2.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| FLSA:1737 | FEDORA | bugzilla.fedora.us | |
| Pony Mail! | MLIST | lists.apache.org | |
| #101841: Updated Solaris 8 Patches for Apache Security Vulnerabilities | SUNALERT | sunsolve.sun.com | |
| #57628: Security Vulnerabilities in the Apache Web Server and Apache Modules | SUNALERT | sunsolve.sun.com | |
| Pony Mail! | | lists.apache.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| US-CERT Vulnerability Note VU#541310 | CERT-VN | www.kb.cert.org | US Government Resource |
| Pony Mail! | MLIST | lists.apache.org | |
| Debian -- Security Information -- DSA-525-1 apache | DEBIAN | www.debian.org | Patch, Vendor Advisory |
| Pony Mail! | | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Pony Mail! | | lists.apache.org | |
| Advisories - Mandriva | MANDRAKE | www.mandriva.com | |
| 20040605-01-U | SGI | patches.sgi.com | |
| Buffer overflow in apache mod_proxy,yet still apache much better than windows | MISC | www.guninski.com | |
| '[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Ap' - MARC | HP | marc.info | |
| Pony Mail! | MLIST | lists.apache.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | | lists.apache.org | |
| redhat.com \| Red Hat Support | REDHAT | rhn.redhat.com | Patch, Vendor Advisory |
| #101555: Security Vulnerabilities in the Apache Web Server and Apache Modules (formerly Document ID: 57628) | SUNALERT | sunsolve.sun.com | |
| Pony Mail! | | lists.apache.org | |
| '[OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache)' - MARC | BUGTRAQ | marc.info | |
| Pony Mail! | | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | | lists.apache.org | |
| Secunia - Advisories - Apache mod_proxy "Content-Length:" Header Buffer Overflow Vulnerability | SECUNIA | secunia.com | |
| FullDisclosure: Buffer overflow in apache mod_proxy,yet still apache much better than windows | FULLDISC | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Apache | 2008-07-02 | Mark J Cox | Fixed in Apache HTTP Server 1.3.32: http://httpd.apache.org/security/vulnerabilities_13.html |
There are currently no legacy QID mappings associated with this CVE.