Heap-based Buffer Overflow in Apache Mod_Proxy
CVE-2004-0492
Currently unrated
Key Information:
- Vendor: HP
- CVE Published: 6 August 2004
Summary
The vulnerability is a heap-based buffer overflow in the mod_proxy module of the Apache HTTP Server, versions 1.3.25 through 1.3.31. A remote attacker can trigger it by sending a negative Content-Length header. Exploitation can cause a Denial of Service (DoS) by crashing the process, and there are concerns that arbitrary code execution could also be possible. Proper validation of incoming HTTP headers is crucial to mitigate this risk.
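The header validation the summary calls for, as an added C example; it is not mod_proxy source code and is not taken from this advisory. It illustrates the general bug class, in which a signed length ends up as the unsigned count passed to a copy, beside a strict parser; `BODY_BUF_SIZE` and all function names are assumptions made for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#define BODY_BUF_SIZE 8192 /* assumed heap buffer size, chosen for this example */

/* Unsafe pattern (illustrative): a signed length converted straight to the
 * size_t that memcpy() takes. "-1" becomes SIZE_MAX. */
size_t naive_copy_count(const char *value)
{
    long len = atol(value);
    return (size_t)len;
}

/* Strict parser: returns 0 and stores the length, or -1 for empty, signed,
 * non-numeric, trailing-garbage or out-of-range values. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    while (*value == ' ' || *value == '\t') value++;
    /* strtoull() accepts "-1" and wraps it, so insist on a leading digit. */
    if (*value < '0' || *value > '9') return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || n > (unsigned long long)LONG_MAX) return -1;
    while (*end == ' ' || *end == '\t') end++;
    if (*end != '\0') return -1;
    *out = (size_t)n;
    return 0;
}

/* Copies at most BODY_BUF_SIZE bytes of the body into dst (capacity
 * BODY_BUF_SIZE). Returns bytes copied, or -1 if the header is rejected. */
long copy_body(char *dst, const char *src, size_t src_len, const char *header)
{
    size_t len, n;

    if (parse_content_length(header, &len) != 0) return -1;
    n = len < src_len ? len : src_len;
    if (n > BODY_BUF_SIZE) n = BODY_BUF_SIZE;
    memcpy(dst, src, n);
    return (long)n;
}
```

A request rejected by `parse_content_length` should be answered with a 400 response rather than passed on to the body-handling code.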
EPSS Score
18% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved