Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0493

9 documents8 sources
Severity
6.4MEDIUM
EPSS
90.5%
top 0.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
8
Apache Http ServerAvaya Converged Communications ServerAvaya S8300+5 more
Timeline
PublishedAug 6
Latest updateApr 29

Description

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages9 packages

Debianapache2< 2.0.50-1+3
NVDapache/http_server2.0.47, 2.0.48, 2.0.49+2
NVDavaya/s8300r2.0.0
NVDavaya/s8500r2.0.0
NVDavaya/s8700r2.0.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-jc6w-8vm4-hvp8: The ap_get_mime_headers_core function in Apache httpd 22022-04-29
OSV
CVE-2004-0493: The ap_get_mime_headers_core function in Apache httpd 22004-08-06
CVEList
CVE-2004-0493: The ap_get_mime_headers_core function in Apache httpd 22004-06-30

💥Exploits & PoCs

2
Exploit-DB
Apache - Arbitrary Long HTTP Headers Denial of Service2004-08-02
Exploit-DB
Apache - Arbitrary Long HTTP Headers (Denial of Service)2004-07-22

📋Vendor Advisories

2
Red Hat
security flaw2004-06-28
Debian
CVE-2004-0493: apache2 - The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attac...2004

💬Community

1
Bugzilla
CVE-2004-0493 security flaw2018-08-16