CVE-2004-0492

5 documents5 sources

Severity

10.0CRITICAL

EPSS

23.7%

top 4.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server HP Virtualvault HP Vvos +4 more

Timeline

PublishedAug 6

Latest updateMay 3

Description

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages7 packages

▶NVDapache/http_server5 versions+4

▶NVDibm/http_server4 versions+3

▶NVDhp/vvos11.04

▶NVDhp/webproxy2.0, 2.1+1

▶NVDsgi/propack2.4

Patches

Patch: rhn.redhat.com ↗Patch: www.debian.org ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-w59m-3c5g-3v9c: Heap-based buffer overflow in proxy_util↗2022-05-03

▶

CVEList

CVE-2004-0492: Heap-based buffer overflow in proxy_util↗2004-06-23

▶

📋Vendor Advisories

Red Hat

httpd mod_proxy buffer overflow↗2004-06-10

▶

💬Community

Bugzilla

CVE-2004-0492 httpd mod_proxy buffer overflow↗2008-01-28

▶