CVE-2005-2970

Summary

CVE	CVE-2005-2970
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-10-25 17:06:00 UTC
Updated	2023-02-13 01:16:00 UTC
Description	Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

Risk And Classification

Problem Types: CWE-770

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Http Server	All	All	All	All
Application	Apache	Http Server	2.0	All	All	All
Application	Apache	Http Server	2.0	All	All	All
Operating System	Canonical	Ubuntu Linux	4.10	All	All	All
Operating System	Canonical	Ubuntu Linux	5.04	All	All	All
Operating System	Canonical	Ubuntu Linux	5.10	All	All	All
Operating System	Fedoraproject	Fedora Core	4	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	3.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	4.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	3.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	4.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	3.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	4.0	All	All	All

References

Reference	Source	Link	Tags
Mailing list archives	MISC	mail-archives.apache.org
SecurityFocus	FEDORA	www.securityfocus.com
Pony Mail!	MLIST	lists.apache.org
[Apache-SVN] Revision 292949	CONFIRM	svn.apache.org
Pony Mail!	MISC	lists.apache.org
usn/usn-225-1 - Ubuntu Linux	UBUNTU	www.ubuntu.com
Pony Mail!	MISC	lists.apache.org
Pony Mail!	MISC	lists.apache.org
Pony Mail!	MISC	lists.apache.org
Pony Mail!	MISC	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Secunia - Advisories - Mandriva update for apache2	SECUNIA	secunia.com
Secunia - Advisories - Fedora update for httpd	SECUNIA	secunia.com
Secunia - Advisories - Ubuntu update for apache2	SECUNIA	secunia.com
Pony Mail!	MISC	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
rhn.redhat.com \| Red Hat Support	REDHAT	rhn.redhat.com
Secunia - Advisories - Apache Byte-Range Filter and MPM Worker Denial of Service Vulnerabilities	SECUNIA	secunia.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Pony Mail!	MLIST	lists.apache.org
SecurityTracker.com Archives - Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service	SECTRACK	securitytracker.com
Pony Mail!	MISC	lists.apache.org
Mailing list archives	CONFIRM	mail-archives.apache.org	Patch
[SECURITY] Fedora Core 4 Update: httpd-2.0.54-10.3	FEDORA	www.redhat.com
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Security Announcement	SUSE	www.novell.com
Pony Mail!	MISC	lists.apache.org
Secunia - Advisories - Red Hat update for httpd	SECUNIA	secunia.com
Pony Mail!	MISC	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MISC	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Advisories - Mandriva Linux	MANDRIVA	www.mandriva.com
Pony Mail!	MLIST	lists.apache.org
Apache MPM Worker.C Denial Of Service Vulnerability	BID	www.securityfocus.com
Pony Mail!	MISC	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MISC	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Apache	2008-07-02	Mark J Cox	Fixed in Apache HTTP Server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html

There are currently no legacy QID mappings associated with this CVE.