VDB
CVE-2004-0493
CVE-2004-0493
PUBLISHED
Reported by mitre · Published June 30, 2004
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
Exploit Intelligence
- Apache - Arbitrary Long HTTP Headers Denial of Service (C) - Linux dos Exploit (variot)
- Apache - Arbitrary Long HTTP Headers Denial of Service (C) - Linux dos Exploit (variot)
- Apache - Arbitrary Long HTTP Headers Denial of Service (C) - Linux dos Exploit (variot)
- http://www.securityfocus.com/bid/10619 (vulncheck-nvd)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
Timeline
- Jun 28, 2004 PoC Published
- Jun 30, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Jun 7, 2023 EPSS Score
- Aug 8, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
- Apr 5, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
- Apr 15, 2025 EPSS Score
- Apr 17, 2025 EPSS Score
References
- 2004-0039 vendor-advisoryx_refsource_TRUSTIX
- 20040629 TSSA-2004-012 - apache mailing-listx_refsource_BUGTRAQ
- 10619 vdb-entryx_refsource_BID
- RHSA-2004:342 vendor-advisoryx_refsource_REDHAT
- 20040628 DoS in apache httpd 2.0.49, yet still apache much better than windows mailing-listx_refsource_FULLDISC
- oval:org.mitre.oval:def:10605 vdb-entrysignaturex_refsource_OVAL
- apache-apgetmimeheaderscore-dos(16524) vdb-entryx_refsource_XF
- MDKSA-2004:064 vendor-advisoryx_refsource_MANDRAKE
- SSRT4777 vendor-advisoryx_refsource_HP
- GLSA-200407-03 vendor-advisoryx_refsource_GENTOO
- x_refsource_MISC
- x_refsource_CONFIRM
- [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/ mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
…and 4 more