CVE-2004-0113Missing Release of Memory after Effective Lifetime in Apache Http Server

7 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
15.7%
top 5.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Http Server
Timeline
PublishedMar 29
Latest updateApr 29

Description

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/http_server14 versions+13

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-hq2q-rqpw-7wx5: Memory leak in ssl_engine_io2022-04-29
CVEList
CVE-2004-0113: Memory leak in ssl_engine_io2004-09-01
OSV
CVE-2004-0113: Memory leak in ssl_engine_io2004-03-29

📋Vendor Advisories

2
Red Hat
security flaw2004-02-20
Debian
CVE-2004-0113: apache2 - Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remo...2004

💬Community

1
Bugzilla
CVE-2004-0113 security flaw2018-08-16
CVE-2004-0113 — Apache Http Server vulnerability | cvebase