CVE-2004-0493

CVSS: 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Tags: trustix, avaya, gentoo, apache, ibm, nessus, exploit available

Summary

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64-bit systems, via long header lines with large numbers of space or tab characters.

Exploit-Db

  • description: Apache HTTPd Arbitrary Long HTTP Headers DoS. CVE-2004-0493. DoS exploits for multiple platforms
    id: EDB-ID:360
    last seen: 2016-01-31
    modified: 2004-07-22
    published: 2004-07-22
    reporter: bkbll
    source: https://www.exploit-db.com/download/360/
    title: Apache HTTPd Arbitrary Long HTTP Headers DoS
  • description: Apache HTTPd Arbitrary Long HTTP Headers DoS (c version). CVE-2004-0493. DoS exploit for linux platform
    id: EDB-ID:371
    last seen: 2016-01-31
    modified: 2004-08-02
    published: 2004-08-02
    reporter: N/A
    source: https://www.exploit-db.com/download/371/
    title: Apache HTTPd - Arbitrary Long HTTP Headers DoS C

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-392.NASL
    description: Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memory_limit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13653
    published: 2004-07-20
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/13653
    title: RHEL 3 : php (RHSA-2004:392)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:392. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13653);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0594", "CVE-2004-0595");
      script_xref(name:"RHSA", value:"2004:392");
    
      script_name(english:"RHEL 3 : php (RHSA-2004:392)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated php packages that fix various security issues are now
    available.
    
    PHP is an HTML-embedded scripting language commonly used with the
    Apache HTTP server.
    
    Stefan Esser discovered a flaw when memory_limit is enabled in
    versions of PHP 4 before 4.3.8. If a remote attacker could force the
    PHP interpreter to allocate more memory than the memory_limit setting
    before script execution begins, then the attacker may be able to
    supply the contents of a PHP hash table remotely. This hash table
    could then be used to execute arbitrary code as the 'apache' user. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2004-0594 to this issue.
    
    This issue has a higher risk when PHP is running on an instance of
    Apache which is vulnerable to CVE-2004-0493. For Red Hat Enterprise
    Linux 3, this Apache memory exhaustion issue was fixed by a previous
    update, RHSA-2004:342. It may also be possible to exploit this issue
    if using a non-default PHP configuration with the 'register_defaults'
    setting is changed to 'On'. Red Hat does not believe that this flaw is
    exploitable in the default configuration of Red Hat Enterprise Linux
    3.
    
    Stefan Esser discovered a flaw in the strip_tags function in versions
    of PHP before 4.3.8. The strip_tags function is commonly used by PHP
    scripts to prevent Cross-Site-Scripting attacks by removing HTML tags
    from user-supplied form data. By embedding NUL bytes into form data,
    HTML tags can in some cases be passed intact through the strip_tags
    function, which may allow a Cross-Site-Scripting attack. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2004-0595 to this issue.
    
    All users of PHP are advised to upgrade to these updated packages,
    which contain backported patches that address these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0594"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:392"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:392";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"php-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-imap-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-ldap-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-mysql-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-odbc-4.3.2-11.1.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"php-pgsql-4.3.2-11.1.ent")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-imap / php-ldap / php-mysql / php-odbc / php-pgsql");
      }
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-204.NASL
    description: This update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak (CVE-2004-0493), and a buffer overflow in mod_ssl which can be triggered only by a (trusted) client certificate with a long subject DN field (CVE-2004-0488). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13735
    published: 2004-07-23
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13735
    title: Fedora Core 2 : httpd-2.0.50-2.1 (2004-204)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-204.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13735);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_xref(name:"FEDORA", value:"2004-204");
    
      script_name(english:"Fedora Core 2 : httpd-2.0.50-2.1 (2004-204)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update includes the latest stable release of Apache httpd 2.0,
    including security fixes for a remotely triggerable memory leak
    (CVE-2004-0493), and a buffer overflow in mod_ssl which can be
    triggered only by a (trusted) client certificate with a long subject
    DN field (CVE-2004-0488).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-July/000220.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?466f113b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC2", reference:"httpd-2.0.50-2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"httpd-debuginfo-2.0.50-2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"httpd-devel-2.0.50-2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"httpd-manual-2.0.50-2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"mod_ssl-2.0.50-2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-064.NASL
    description: A Denial of Service (DoS) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow. The updated packages contain a patch from the ASF to correct the problem. It is recommended that you stop Apache prior to updating and then restart it again once the update is complete (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14163
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14163
    title: Mandrake Linux Security Advisory : apache2 (MDKSA-2004:064)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2004:064. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14163);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2004-0493");
      script_xref(name:"MDKSA", value:"2004:064");
    
      script_name(english:"Mandrake Linux Security Advisory : apache2 (MDKSA-2004:064)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A Denial of Service (Dos) condition was discovered in Apache 2.x by
    George Guninski. Exploiting this can lead to httpd consuming an
    arbitrary amount of memory. On 64bit systems with more than 4GB of
    virtual memory, this may also lead to a heap-based overflow.
    
    The updated packages contain a patch from the ASF to correct the
    problem.
    
    It is recommended that you stop Apache prior to updating and then
    restart it again once the update is complete ('service httpd stop' and
    'service httpd start' respectively)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.guninski.com/httpd1.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_dav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_deflate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_file_cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_proxy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64apr0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/06/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", reference:"apache2-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-common-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-devel-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-manual-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-mod_cache-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-mod_dav-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-mod_deflate-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-mod_disk_cache-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-mod_file_cache-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-mod_ldap-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-mod_mem_cache-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-mod_proxy-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-mod_ssl-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-modules-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache2-source-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64apr0-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libapr0-2.0.48-6.3.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-common-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-devel-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-manual-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_dav-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ldap-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ssl-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-modules-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-source-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libapr0-2.0.47-1.9.91mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.2", reference:"apache2-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-common-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-devel-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-manual-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-mod_cache-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-mod_dav-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-mod_deflate-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-mod_disk_cache-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-mod_file_cache-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-mod_ldap-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-mod_mem_cache-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-mod_proxy-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-mod_ssl-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-modules-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache2-source-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64apr0-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libapr0-2.0.47-6.6.92mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-342.NASL
    description: Updated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A stack-based buffer overflow was discovered in mod_ssl that could be triggered if using the FakeBasicAuth option. If mod_ssl was sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow occurred if FakeBasicAuth had been enabled. In order to exploit this issue the carefully crafted malicious certificate would have had to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue. A remotely triggered memory leak in the Apache HTTP Server earlier than version 2.0.50 was also discovered. This allowed a remote attacker to perform a denial of service attack against the server by forcing it to consume large amounts of memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0493 to this issue. Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12636
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12636
    title: RHEL 3 : httpd (RHSA-2004:342)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:342. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12636);
      script_version ("1.30");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0488", "CVE-2004-0493");
      script_xref(name:"RHSA", value:"2004:342");
    
      script_name(english:"RHEL 3 : httpd (RHSA-2004:342)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated httpd packages that fix a buffer overflow in mod_ssl and a
    remotely triggerable memory leak are now available.
    
    The Apache HTTP server is a powerful, full-featured, efficient, and
    freely-available Web server.
    
    A stack-based buffer overflow was discovered in mod_ssl that could be
    triggered if using the FakeBasicAuth option. If mod_ssl was sent a
    client certificate with a subject DN field longer than 6000
    characters, a stack overflow occured if FakeBasicAuth had been
    enabled. In order to exploit this issue the carefully crafted
    malicious certificate would have had to be signed by a Certificate
    Authority which mod_ssl is configured to trust. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2004-0488 to this issue.
    
    A remotely triggered memory leak in the Apache HTTP Server earlier
    than version 2.0.50 was also discovered. This allowed a remote
    attacker to perform a denial of service attack against the server by
    forcing it to consume large amounts of memory. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2004-0493 to this issue.
    
    Users of the Apache HTTP server should upgrade to these updated
    packages, which contain backported patches that address these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.apacheweek.com/features/security-20"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:342"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected httpd, httpd-devel and / or mod_ssl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:342";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"httpd-2.0.46-32.ent.3")) flag++;
      if (rpm_check(release:"RHEL3", reference:"httpd-devel-2.0.46-32.ent.3")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mod_ssl-2.0.46-32.ent.3")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / mod_ssl");
      }
    }
    
  • NASL family: Web Servers
    NASL id: APACHE_INPUT_HEADER_FOLDING_DOS.NASL
    description: The remote host appears to be running a version of Apache 2.x that is prior to 2.0.50. It is, therefore, affected by a denial of service vulnerability that can be triggered by sending a specially crafted HTTP request, which results in the consumption of an arbitrary amount of memory. On 64-bit systems with more than 4GB virtual memory, this may lead to a heap based buffer overflow. There is also a denial of service vulnerability in mod_ssl
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12293
    published: 2004-06-29
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/12293
    title: Apache 2.x < 2.0.50 Multiple Remote DoS
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200407-03.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200407-03 (Apache 2: Remote denial of service attack) A bug in the protocol.c file handling header lines will cause Apache to allocate memory for header lines starting with TAB or SPACE. Impact : An attacker can exploit this vulnerability to perform a Denial of Service attack by causing Apache to exhaust all memory. On 64 bit systems with more than 4GB of virtual memory a possible integer signedness error could lead to a buffer based overflow causing Apache to crash and under some circumstances execute arbitrary code as the user running Apache, usually
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14536
    published: 2004-08-30
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14536
    title: GLSA-200407-03 : Apache 2: Remote denial of service attack
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-203.NASL
    description: This update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak (CVE-2004-0493), and a buffer overflow in mod_ssl which can be triggered only by a (trusted) client certificate with a long subject DN field (CVE-2004-0488). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13734
    published: 2004-07-23
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13734
    title: Fedora Core 1 : httpd-2.0.50-1.0 (2004-203)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD20040907.NASL
    description: The remote host is missing Security Update 2004-09-07. This security update fixes the following components : - CoreFoundation - IPSec - Kerberos - libpcap - lukemftpd - NetworkConfig - OpenLDAP - OpenSSH - PPPDialer - rsync - Safari - tcpdump These applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14676
    published: 2004-09-08
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14676
    title: Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)

Oval

accepted: 2013-04-29T04:07:02.863-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
family: unix
id: oval:org.mitre.oval:def:10605
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
version: 26

Redhat

advisories
rhsa
id: RHSA-2004:342
rpms
  • httpd-0:2.0.46-32.ent.3
  • httpd-debuginfo-0:2.0.46-32.ent.3
  • httpd-devel-0:2.0.46-32.ent.3
  • mod_ssl-1:2.0.46-32.ent.3

Statements

contributor: Mark J Cox
lastmodified: 2008-07-02
organization: Apache
statement: Fixed in Apache HTTP Server 2.0.50: http://httpd.apache.org/security/vulnerabilities_20.html

References