Vulnerability in Apache Http_server
CVE-2004-0492
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, w…
EPSS: 0.336 (98.2th percentile) — read the EPSS interpretation.
Affected products
- Apache Http_server — versions 1.3.26, 1.3.27, 1.3.28
- Hp Virtualvault — versions 11.0.4
- Hp Vvos — versions 11.04
- Hp Webproxy — versions 2.0, 2.1
- Ibm Http_server — versions 1.3.26, 1.3.26.1, 1.3.26.2
- Openbsd — versions 3.4, 3.5
- Sgi Propack — versions 2.4
- N/a — versions n/a
References
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_FEDORA, vendor-advisory)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Patch, Vendor Advisory)
- cve@mitre.org (x_refsource_HP, vendor-advisory)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (vendor-advisory, x_refsource_SUNALERT)
- cve@mitre.org (mailing-list, x_refsource_FULLDISC)
- cve@mitre.org (x_refsource_OVAL, signature, vdb-entry)
- cve@mitre.org (vendor-advisory, x_refsource_MANDRAKE)
- cve@mitre.org (x_refsource_OVAL, signature, vdb-entry)