CVE-2004-0174 — Improper Locking in Apache Http Server

CWE-667 — Improper Locking5 documents5 sources

Severity

7.5HIGHNVD

EPSS

19.9%

top 4.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedMay 4

Latest updateApr 29

Description

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDapache/http_server2.0.49

Patches

Patch: marc.info ↗Patch: marc.info ↗Patch: marc.info ↗

🔴Vulnerability Details

GHSA

GHSA-gvmp-gr98-mp6j: Apache 1↗2022-04-29

▶

CVEList

CVE-2004-0174: Apache 1↗2004-03-25

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-03-19

▶

💬Community

Bugzilla

CVE-2004-0174 security flaw↗2018-08-16

▶