CVE-2005-2728 — Apache Http Server vulnerability

8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

61.8%

top 1.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedAug 30

Latest updateMay 3

Description

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server23 versions+22

Patches

Patch: issues.apache.org ↗Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-5rc2-352q-326v: The byte-range filter in Apache 2↗2022-05-03

▶

OSV

CVE-2005-2728: The byte-range filter in Apache 2↗2005-08-30

▶

CVEList

CVE-2005-2728: The byte-range filter in Apache 2↗2005-08-29

▶

📋Vendor Advisories

Ubuntu

Apache 2 vulnerabilities↗2005-09-07

▶

Debian

CVE-2005-2728: apache2 - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cau...↗2005

▶

Red Hat

security flaw↗2004-07-07

▶

💬Community

Bugzilla

CVE-2005-2728 security flaw↗2018-08-16

▶