FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0492

This CVE name corresponds to:

Entered Topic
2004-09-19 apache -- heap overflow in mod_proxy

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0492
Phase Assigned (20040527)

Description

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

References

Source Reference
FULLDISC 20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows
MISC http://www.guninski.com/modproxy1.html
BUGTRAQ 20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache)
DEBIAN DSA-525
FEDORA FLSA:1737
HP HPSBOV02683
HP SSRT090208
MANDRAKE MDKSA-2004:065
REDHAT RHSA-2004:245
SGI 20040605-01-U
SUNALERT 57628
SUNALERT 101555
SUNALERT 101841
CERT-VN VU#541310
OVAL oval:org.mitre.oval:def:4863
OVAL oval:org.mitre.oval:def:100112
SECUNIA 11841
XF apache-modproxy-contentlength-bo(16387)