Vulnerability Name:

CVE-2004-0492 (CCN-16387)

Assigned:2004-06-10
Published:2004-06-10
Updated:2021-06-06
Summary:Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: UNKNOWN
20040605-01-U

Source: CCN
Type: Full-Disclosure Mailing List, Thu Jun 10 2004 - 09:38:26 CDT
Buffer overflow in apache mod_proxy,yet still apache much better than windows

Source: CCN
Type: Full-Disclosure Mailing List, Thu Jun 10 2004 - 10:46:45 CDT
Re: [Full-Disclosure] Buffer overflow in apache mod_proxy,yet still apache much better than windows

Source: MITRE
Type: CNA
CVE-2004-0492

Source: CCN
Type: AppleCare Knowledge Base Document 61798
Security Update 2004-12-02

Source: BUGTRAQ
Type: UNKNOWN
20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache)

Source: HP
Type: UNKNOWN
SSRT090208

Source: CCN
Type: apache-httpd-dev Mailing List, 2004-06-10 13:08:51
CAN-2004-0492 mod_proxy security issue

Source: CCN
Type: RHSA-2004-245
apache

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:245

Source: FULLDISC
Type: UNKNOWN
20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows

Source: CCN
Type: SA11841
Apache mod_proxy "Content-Length:" Header Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
11841

Source: CCN
Type: slackware-security Mailing List, Mon, 25 Oct 2004 17:40:01 -0700 (PDT)
[slackware-security] apache, mod_ssl, php (SSA:2004-299-01)

Source: SUNALERT
Type: UNKNOWN
101555

Source: SUNALERT
Type: UNKNOWN
101841

Source: CCN
Type: Sun Alert ID: 57628
Security Vulnerabilities in the Apache Web Server and Apache Modules

Source: SUNALERT
Type: UNKNOWN
57628

Source: CCN
Type: CIAC Information Bulletin O-169
Apache Buffer Overflow Vulnerability

Source: CCN
Type: CIAC Information Bulletin P-025
Apache HTTP Server 1.3.33 Released

Source: CCN
Type: CIAC Information Bulletin P-049
Apple Security Update 2004-12-02

Source: CCN
Type: CIAC INFORMATION BULLETIN P-273
Updated Solaris 8 Patches for Apache Security Vulnerabilities

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-525

Source: DEBIAN
Type: DSA-525
apache -- buffer overflow

Source: CCN
Type: GLSA-200406-16
Apache 1.3: Buffer overflow in mod_proxy

Source: MISC
Type: UNKNOWN
http://www.guninski.com/modproxy1.html

Source: CCN
Type: US-CERT VU#541310
Apache HTTP Server contains a buffer overflow in the mod_proxy module

Source: CERT-VN
Type: US Government Resource
VU#541310

Source: CCN
Type: GLSA 200406-16
Apache 1.3: Buffer overflow in mod_proxy

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:065

Source: CCN
Type: OpenPKG-SA-2004.029
Apache mod_proxy

Source: CCN
Type: BID-10508
Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability

Source: CCN
Type: TLSA-2004-31
Multiple vulnerabilities exist in Apache

Source: FEDORA
Type: UNKNOWN
FLSA:1737

Source: XF
Type: UNKNOWN
apache-modproxy-contentlength-bo(16387)

Source: XF
Type: UNKNOWN
apache-modproxy-contentlength-bo(16387)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100112

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4863

Source: SUSE
Type: SUSE-SA:2004:040
samba: remote denial of service

Source: SUSE
Type: SUSE-SA:2004:041
xshared XFree86-libs xorg-x11-libs: remote system compromise

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:1.3.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.29:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.26.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.28:*:*:*:*:*:*:*
  • OR cpe:/a:hp:webproxy:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:webproxy:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.31:*:*:*:*:*:*:*
  • OR cpe:/a:hp:virtualvault:11.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:sgi:propack:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.26.1:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:hp:vvos:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.29:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.31:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.20:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.28:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040492
    V
    		CVE-2004-0492
    2015-11-16
    oval:org.mitre.oval:def:100112
    V
    		Apache mod_proxy Content-Length Header Buffer Overflow
    2008-11-24
    oval:org.mitre.oval:def:4863
    V
    		Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow
    2004-12-09
    oval:org.debian:def:525
    V
    		buffer overflow
    2004-06-24
    BACK
    apache http server 1.3.28
    apache http server 1.3.29
    ibm http server 1.3.26.2
    ibm http server 1.3.28
    hp webproxy 2.0
    hp webproxy 2.1
    apache http server 1.3.31
    hp virtualvault 11.0.4
    sgi propack 2.4
    apache http server 1.3.26
    apache http server 1.3.27
    ibm http server 1.3.26
    ibm http server 1.3.26.1
    hp vvos 11.04
    openbsd openbsd *
    openbsd openbsd 3.4
    openbsd openbsd 3.5
    apache http server 1.3.26
    apache http server 1.3.27
    apache http server 1.3.28
    apache http server 1.3.29
    apache http server 1.3.31
    hp hp-ux 11.00
    sun solaris 8
    hp hp-ux 11.04
    hp hp-ux 11.11
    trustix secure linux 1.5
    hp hp-ux 11.20
    sun solaris 9
    debian debian linux 3.0
    slackware slackware linux 8.1
    openpkg openpkg current
    gentoo linux *
    hp hp-ux 11.22
    suse suse linux 8.1
    suse linux enterprise server 8
    slackware slackware linux current
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    slackware slackware linux 9.0
    suse suse linux 8.2
    redhat enterprise linux 2.1
    openpkg openpkg 1.3
    slackware slackware linux 9.1
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    openpkg openpkg 2.0
    mandrakesoft mandrake linux 10.0
    ibm http server 1.3.28
    suse suse linux 9.1
    ibm http server 1.3.26
    slackware slackware linux 10.0
    suse suse linux 9.2
    apple mac os x 10.2.8
    apple mac os x server 10.2.8
    apple mac os x 10.3.6
    novell linux desktop 9
    redhat linux advanced workstation 2.1
    suse linux enterprise server 9
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1
    apple mac os x server 10.3.6