CVE-2004-0492
PUBLISHED
CVSS 10 CRITICAL
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
EPSS 23.71% · 96.1th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
23.71%
96.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| hp | webproxy | 2.1, 2.0 |
| apache | http_server | 1.3.31, 1.3.29, 1.3.27 |
| ibm | http_server | 1.3.26.2, 1.3.26, 1.3.26.1 |
| sgi | propack | 2.4 |
| n/a | n/a | n/a |
| openbsd | openbsd | 3.4, 3.5 |
| hp | virtualvault | 11.0.4 |
| hp | vvos | 11.04 |
Exploit Intelligence
- 20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache) (circl)
- FLSA:1737 (circl)
- RHSA-2004:245 (circl)
- SSRT090208 (circl)
- http://www.guninski.com/modproxy1.html (circl)
- 57628 (circl)
- 20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows (circl)
- oval:org.mitre.oval:def:100112 (circl)
- MDKSA-2004:065 (circl)
- oval:org.mitre.oval:def:4863 (circl)
…and 21 more exploits
Timeline
- Jun 23, 2004 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- 20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache) mailing-list
- FLSA:1737 vendor-advisory
- RHSA-2004:245 vendor-advisory
- SSRT090208 vendor-advisory
- http://www.guninski.com/modproxy1.html url
- 57628 vendor-advisory
- 20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows mailing-list
- oval:org.mitre.oval:def:100112 vdb
- MDKSA-2004:065 vendor-advisory
- oval:org.mitre.oval:def:4863 vdb
- 101555 vendor-advisory
- 20040605-01-U vendor-advisory
- DSA-525 vendor-advisory
- VU#541310 third-party-advisory
- 101841 vendor-advisory
- 11841 third-party-advisory
- apache-modproxy-contentlength-bo(16387) vdb
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
- [httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
- [httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
…and 12 more