Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200411-18
HistoryNov 10, 2004 - 12:00 a.m.

Apache 2.0: Denial of Service by memory consumption

2004-11-1000:00:00
Gentoo Foundation
security.gentoo.org
15

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.966 High

EPSS

Percentile

99.6%

JSON

Background

The Apache HTTP Server is one of the most popular web servers on the Internet.

Description

Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code.

Impact

By sending a large amount of specially-crafted HTTP GET requests a remote attacker could cause a Denial of Service of the targeted system.

Workaround

There is no known workaround at this time.

Resolution

All Apache 2.0 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.52-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-servers/apache< 2.0.52-r1UNKNOWN

Related

freebsd 1
cve 1
exploitpack 1
packetstorm 1
seebug 2
nessus 10
openvas 9
ubuntu 1
debiancve 1
cvelist 1
httpd 1
nvd 1
ubuntucve 1
exploitdb 1
altlinux 3
redhat 1
freebsd
freebsd
apache2 multiple space header denial-of-service vulnerability
2004-11-01 00:00:00
cve
cve
CVE-2004-0942
2005-02-09 05:00:00
exploitpack
exploitpack
Apache 2.0.52 - GET Denial of Service
2005-03-04 00:00:00
packetstorm
packetstorm
slmail5x.txt
2004-11-20 00:00:00
seebug
seebug
Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
2014-07-01 00:00:00
Apache &lt;= 2.0.52 HTTP GET request Denial of Service Exploit
2005-03-04 00:00:00
nessus
nessus
FreeBSD : apache2 multiple space header denial-of-service vulnerability (9)
2004-11-23 00:00:00
FreeBSD : apache2 multiple space header denial-of-service vulnerability (282dfea0-3378-11d9-b404-000c6e8f12ef)
2009-04-23 00:00:00
Mandrake Linux Security Advisory : apache2 (MDKSA-2004:135)
2004-11-17 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200411-18 (apache)
2008-09-24 00:00:00
FreeBSD Ports: apache
2008-09-04 00:00:00
FreeBSD Ports: apache
2008-09-04 00:00:00
ubuntu
ubuntu
apache2 vulnerability
2004-11-12 00:00:00
debiancve
debiancve
CVE-2004-0942
2005-02-09 05:00:00
cvelist
cvelist
CVE-2004-0942
2004-11-04 05:00:00
httpd
httpd
Apache Httpd < 2.0.53 : Memory consumption DoS
2004-10-28 00:00:00
nvd
nvd
CVE-2004-0942
2005-02-09 05:00:00
ubuntucve
ubuntucve
CVE-2004-0942
2005-02-09 00:00:00
exploitdb
exploitdb
Apache 2.0.52 - GET Denial of Service
2005-03-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
redhat
redhat
(RHSA-2004:562) httpd security update
2004-11-12 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.966 High

EPSS

Percentile

99.6%

JSON
Related for GLSA-200411-18
freebsd1cve1exploitpack1packetstorm1seebug2nessus10openvas9ubuntu1debiancve1cvelist1httpd1nvd1ubuntucve1exploitdb1altlinux3redhat1