FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0113

This CVE name corresponds to:

Entered Topic
2004-03-08 Apache 2 mod_ssl denial-of-service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type CVE Entry
Name CVE-2004-0113

Description

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

References

Source Reference
MISC http://issues.apache.org/bugzilla/show_bug.cgi?id=27106
MLIST [apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c
CONFIRM http://www.apacheweek.com/features/security-20
APPLE APPLE-SA-2004-05-03
CONECTIVA CLSA-2004:839
GENTOO GLSA-200403-04
HP SSRT4717
MANDRAKE MDKSA-2004:043
REDHAT RHSA-2004:084
REDHAT RHSA-2004:182
TRUSTIX 2004-0017
BUGTRAQ 20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48
XF apache-modssl-plain-dos(15419)
BID 9826
OSVDB 4182
OVAL oval:org.mitre.oval:def:876