Heap-based Buffer Overflow in Apache Mod_Proxy
CVE-2004-0492

Currently unrated

Key Information:

Vendor

HP
Status
Webproxy
Virtualvault
Http Server
Propack
Vendor
CVE Published:
6 August 2004

What is CVE-2004-0492?

The vulnerability arises from a heap-based buffer overflow in the mod_proxy module of the Apache HTTP Server, specifically in versions 1.3.25 through 1.3.31. This issue can be exploited by remote attackers through the use of a negative Content-Length header. An attacker can leverage this vulnerability to potentially cause a Denial of Service (DoS) by crashing the process, and there are concerns that arbitrary code execution could also be possible. Proper validation of incoming HTTP headers is crucial to mitigate this risk.

References

http://marc.info/?l=bugtraq&m=108711172710140&w=2
mailing-listx_refsource_BUGTRAQ
https://bugzilla.fedora.us/show_bug.cgi?id=1737
vendor-advisoryx_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2004-245.html
vendor-advisoryx_refsource_REDHAT

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.