CVE-2004-0492 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0492
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0492

Description: Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16387 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 SGI SAID Secunia Advisory: SA11841 REDHAT http://rhn.redhat.com/errata/RHSA-2004-245.html OVAL http://oval.mitre.org/oval/definitions/data/oval100112.html http://oval.mitre.org/oval/definitions/data/oval4863.html MISC http://www.guninski.com/modproxy1.html MANDRAKE http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:065 FULLDISC http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html FEDORA DEBIAN http://www.debian.org/security/2004/dsa-525 CERT-VN 541310 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=108711172710140&w=2

Return to the previous page.