Vulnerability Name: CVE-2003-0132 (CCN-11695)
Assigned: 2003-04-02
Published: 2003-04-02
Updated: 2021-07-15
Summary: A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Low

CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial

  5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial
Vulnerability Type: CWE-772
Vulnerability Consequences: Denial of Service

References:
Source: CCN Type: BugTraq Mailing List, Wed Apr 02 2003 - 01:38:28 CST
  [ANNOUNCE] Apache 2.0.45 Released
Source: MITRE Type: CNA
  CVE-2003-0132
Source: CCN Type: Apple Security Updates
  Mac OS X 10.2.5
Source: CCN Type: Apache HTTP Server Project Web site
  Download - The Apache HTTP Server Project
Source: CONFIRM Type: Third Party Advisory
  http://lists.apple.com/mhonarc/security-announce/msg00028.html
Source: BUGTRAQ Type: Issue Tracking, Third Party Advisory
  20030402 [ANNOUNCE] Apache 2.0.45 Released
Source: BUGTRAQ Type: Issue Tracking, Third Party Advisory
  20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x
Source: BUGTRAQ Type: Issue Tracking, Third Party Advisory
  20030409 GLSA: apache (200304-01)
Source: BUGTRAQ Type: Issue Tracking, Third Party Advisory
  20030408 Exploit Code Released for Apache 2.x Memory Leak
Source: BUGTRAQ Type: Exploit, Issue Tracking, Third Party Advisory
  20030410 working apache <= 2.0.44 DoS exploit for linux.
Source: BUGTRAQ Type: Issue Tracking, Third Party Advisory
  20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service
Source: CCN Type: RHSA-2003-139
  Updated httpd packages fix security vulnerabilities.
Source: CCN Type: SA34920
  CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory
  34920
Source: CCN Type: SA8499
  Apache Linefeed Denial of Service Vulnerability
Source: SECUNIA Type: Third Party Advisory
  8499
Source: MISC Type: Broken Link
  http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147
Source: CCN Type: CIAC Information Bulletin N-146
  Apache 2.0.47 Release Fixes Security Vulnerabilities
Source: MISC Type: Third Party Advisory
  http://www.idefense.com/advisory/04.08.03.txt
Source: CCN Type: US-CERT VU#206537
  Apache vulnerable to DoS
Source: CERT-VN Type: Third Party Advisory, US Government Resource
  VU#206537
Source: CCN Type: Gentoo Linux Security Announcement 200304-01
  apache Denial of service in Apache 2.x
Source: CCN Type: Conectiva Linux Security Announcement CLSA-2003:632
  apache
Source: CCN Type: OSVDB ID: 9712
  Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
Source: REDHAT Type: Third Party Advisory
  RHSA-2003:139
Source: CCN Type: BID-7254
  Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Source: VUPEN Type: Third Party Advisory
  ADV-2009-1233
Source: XF Type: UNKNOWN
  apache-http-lf-dos(11695)
Source: CCN Type: iDEFENSE Security Advisory 04.08.03
  Denial of Service in Apache HTTP Server 2.x
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Source: MLIST Type: Mailing List, Vendor Advisory
  [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Source: OVAL Type: Third Party Advisory
  oval:org.mitre.oval:def:156
Source: CCN Type: CA20090429-01
  Security Notice for CA ARCserve Backup Apache HTTP Server

Vulnerable Configuration:
Configuration 1:
  cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 2.0.0 and <= 2.0.44)
Configuration CCN 1:
  cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:* OR
  cpe:/a:apache:http_server:2.0.9:*:*:*:*:*:*:*
  AND
  cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:* OR
  cpe:/o:redhat:linux:7:*:*:*:*:*:*:* OR
  cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:* OR
  cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:* OR
  cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:* OR
  cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR
  cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:* OR
  cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:* OR
  cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:* OR
  cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*

apache http server *
apache http server 2.0
apache http server 2.0.38
apache http server 2.0.39
apache http server 2.0.42
apache http server 2.0.40
apache http server 2.0.28
apache http server 2.0.32
apache http server 2.0.35
apache http server 2.0.36
apache http server 2.0.37
apache http server 2.0.41
apache http server 2.0.43
apache http server 2.0.44
apache http server 2.0.9
hp hp-ux 11.00
redhat linux 7
hp hp-ux 11.11
redhat linux 7.1
redhat linux 7.2
redhat linux 7.3
gentoo linux *
redhat linux 8.0
hp hp-ux 11.22
mandrakesoft mandrake linux 9.1
redhat linux 9.0
conectiva linux 9.0
mandrakesoft mandrake linux 9.1