Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0132 — Missing Release of Resource after Effective Lifetime in Apache Http Server

CWE-772 — Missing Release of Resource after Effective Lifetime9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

85.0%

top 0.64%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Http Server

Timeline

PublishedApr 11

Latest updateApr 29

Description

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server2.0.0 — 2.0.44

🔴Vulnerability Details

GHSA

GHSA-g3vc-c43j-gjjv: A memory leak in Apache 2↗2022-04-29

▶

OSV

CVE-2003-0132: A memory leak in Apache 2↗2003-04-11

▶

CVEList

CVE-2003-0132: A memory leak in Apache 2↗2003-04-03

▶

💥Exploits & PoCs

Exploit-DB

Apache 2.0.44 (Linux) - Remote Denial of Service↗2003-04-11

▶

Exploit-DB

Apache 2.x - Memory Leak↗2003-04-09

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-04-02

▶

Debian

CVE-2003-0132: apache2 - A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a de...↗2003

▶

💬Community

Bugzilla

CVE-2003-0132 security flaw↗2018-08-16

▶