Vulnerability Name:

CVE-2004-0751 (CCN-17273)

Assigned: 2004-09-06
Published: 2004-09-06
Updated: 2021-06-06
Summary: The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: BUGTRAQ
Type: UNKNOWN
20040911 Remote buffer overflow in Apache mod_ssl when reverse proxying SSL

Source: CCN
Type: BugTraq Mailing List, Sat Sep 11 2004 - 01:14:06 CDT
Remote buffer overflow in Apache mod_ssl when reverse proxying SSL

Source: MITRE
Type: CNA
CVE-2004-0751

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:868
Several vulnerabilities in apache, mod_ssl and mod_dav

Source: CCN
Type: AppleCare Knowledge Base Document 61798
Security Update 2004-12-02

Source: CONFIRM
Type: UNKNOWN
http://issues.apache.org/bugzilla/show_bug.cgi?id=30134

Source: CCN
Type: RHSA-2004-463
httpd security update

Source: CCN
Type: CIAC Information Bulletin P-049
Apple Security Update 2004-12-02

Source: CCN
Type: GLSA-200409-21
Apache 2, mod_dav: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200409-21

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:096

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:030

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:463

Source: CCN
Type: BID-11154
Apache mod_ssl Remote Denial of Service Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0047
Several security holes

Source: TRUSTIX
Type: UNKNOWN
2004-0047

Source: CCN
Type: TLSA-2005-2
Multiple vulnerabilities in httpd

Source: XF
Type: UNKNOWN
apache-modssl-speculative-dos(17273)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11864

Source: SUSE
Type: SUSE-SA:2004:030
apache2: remote DoS condition

Source: CCN
Type: IBM Systems Support Web site
Support for HMC

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:11864 | V | The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). | 2013-04-29
    oval:org.opensuse.security:def:20040751 | V | CVE-2004-0751 | 2012-08-30
    oval:com.redhat.rhsa:def:20040463 | P | RHSA-2004:463: httpd security update (Moderate) | 2004-09-15
    apache http server 2.0
    apache http server 2.0.28
    apache http server 2.0.41
    apache http server 2.0.42
    apache http server 2.0.49
    apache http server 2.0.50
    apache http server 2.0.32
    apache http server 2.0.35
    apache http server 2.0.36
    apache http server 2.0.43
    apache http server 2.0.44
    apache http server 2.0.37
    apache http server 2.0.47
    apache http server 2.0.39
    apache http server 2.0.38
    apache http server 2.0.48
    apache http server 2.0.45
    apache http server 2.0.40
    apache http server 2.0.46
    apache http server 2.0
    apache http server 2.0.38
    apache http server 2.0.39
    apache http server 2.0.42
    apache http server 2.0.47
    apache http server 2.0.49
    apache http server 2.0.48
    apache http server 2.0.40
    apache http server 2.0.46
    apache http server 2.0.28
    apache http server 2.0.32
    apache http server 2.0.35
    apache http server 2.0.36
    apache http server 2.0.37
    apache http server 2.0.41
    apache http server 2.0.43
    apache http server 2.0.44
    apache http server 2.0.45
    apache http server 2.0.50
    hp hp-ux 11.00
    hp hp-ux 11.11
    gentoo linux *
    hp hp-ux 11.22
    suse suse linux 8.1
    suse suse linux 8.2
    conectiva linux 9.0
    trustix secure linux 2.0
    hp hp-ux 11.23
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    redhat enterprise linux 3
    conectiva linux 10
    apple mac os x server 10.2.8
    suse linux enterprise server 9
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    apple mac os x server 10.3.6