Heap-based Buffer Overflow in Apache Mod_Proxy
CVE-2004-0492
Currently unrated
Key Information:
- Vendor
HP
- Vendor
- CVE Published:
- 6 August 2004
What is CVE-2004-0492?
The vulnerability arises from a heap-based buffer overflow in the mod_proxy module of the Apache HTTP Server, specifically in versions 1.3.25 through 1.3.31. This issue can be exploited by remote attackers through the use of a negative Content-Length header. An attacker can leverage this vulnerability to potentially cause a Denial of Service (DoS) by crashing the process, and there are concerns that arbitrary code execution could also be possible. Proper validation of incoming HTTP headers is crucial to mitigate this risk.