Vulnerability Name:

CVE-2003-0132 (CCN-11695)

Assigned: 2003-04-02
Published: 2003-04-02
Updated: 2021-07-15
Summary: A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): Partial
Vulnerability Type: CWE-772
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: BugTraq Mailing List, Wed Apr 02 2003 - 01:38:28 CST
[ANNOUNCE] Apache 2.0.45 Released

Source: MITRE
Type: CNA
CVE-2003-0132

Source: CCN
Type: Apple Security Updates
Mac OS X 10.2.5

Source: CCN
Type: Apache HTTP Server Project Web site
Download - The Apache HTTP Server Project

Source: CONFIRM
Type: Third Party Advisory
http://lists.apple.com/mhonarc/security-announce/msg00028.html

Source: BUGTRAQ
Type: Issue Tracking, Third Party Advisory
20030402 [ANNOUNCE] Apache 2.0.45 Released

Source: BUGTRAQ
Type: Issue Tracking, Third Party Advisory
20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x

Source: BUGTRAQ
Type: Issue Tracking, Third Party Advisory
20030409 GLSA: apache (200304-01)

Source: BUGTRAQ
Type: Issue Tracking, Third Party Advisory
20030408 Exploit Code Released for Apache 2.x Memory Leak

Source: BUGTRAQ
Type: Exploit, Issue Tracking, Third Party Advisory
20030410 working apache <= 2.0.44 DoS exploit for linux.

Source: BUGTRAQ
Type: Issue Tracking, Third Party Advisory
20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service

Source: CCN
Type: RHSA-2003-139
Updated httpd packages fix security vulnerabilities.

Source: CCN
Type: SA34920
CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
34920

Source: CCN
Type: SA8499
Apache Linefeed Denial of Service Vulnerability

Source: SECUNIA
Type: Third Party Advisory
8499

Source: MISC
Type: Broken Link
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147

Source: CCN
Type: CIAC Information Bulletin N-146
Apache 2.0.47 Release Fixes Security Vulnerabilities

Source: MISC
Type: Third Party Advisory
http://www.idefense.com/advisory/04.08.03.txt

Source: CCN
Type: US-CERT VU#206537
Apache vulnerable to DoS

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#206537

Source: CCN
Type: Gentoo Linux Security Announcement 200304-01
apache Denial of service in Apache 2.x

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:632
apache

Source: CCN
Type: OSVDB ID: 9712
Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS

Source: REDHAT
Type: Third Party Advisory
RHSA-2003:139

Source: CCN
Type: BID-7254
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

Source: VUPEN
Type: Third Party Advisory
ADV-2009-1233

Source: XF
Type: UNKNOWN
apache-http-lf-dos(11695)

Source: CCN
Type: iDEFENSE Security Advisory 04.08.03
Denial of Service in Apache HTTP Server 2.x

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:156

Source: CCN
Type: CA20090429-01
Security Notice for CA ARCserve Backup Apache HTTP Server

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 2.0.0 and <= 2.0.44)

Configuration CCN 1:
  • cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:org.mitre.oval:def:156
    Class: V
    Title: Apache Linefeed Allocation Vulnerability
    Last Modified: 2010-09-20
    apache http server *
    apache http server 2.0
    apache http server 2.0.38
    apache http server 2.0.39
    apache http server 2.0.42
    apache http server 2.0.40
    apache http server 2.0.28
    apache http server 2.0.32
    apache http server 2.0.35
    apache http server 2.0.36
    apache http server 2.0.37
    apache http server 2.0.41
    apache http server 2.0.43
    apache http server 2.0.44
    apache http server 2.0.9
    hp hp-ux 11.00
    redhat linux 7
    hp hp-ux 11.11
    redhat linux 7.1
    redhat linux 7.2
    redhat linux 7.3
    gentoo linux *
    redhat linux 8.0
    hp hp-ux 11.22
    mandrakesoft mandrake linux 9.1
    redhat linux 9.0
    conectiva linux 9.0
    mandrakesoft mandrake linux 9.1