CVE-2004-0492
CVSS 10 · HIGH
Summary
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
CVSS 2.0 breakdown
| Base score | 10 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Affected products
- Apache HTTP Server
- HP VirtualVault
- HP Webproxy
- IBM HTTP Server
- SGI ProPack
- HP VVOS
- OpenBSD
References
- ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
- http://marc.info/?l=bugtraq&m=108711172710140&w=2
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://rhn.redhat.com/errata/RHSA-2004-245.html
- http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html
- http://secunia.com/advisories/11841
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
- http://www.debian.org/security/2004/dsa-525
- http://www.guninski.com/modproxy1.html
- http://www.kb.cert.org/vuls/id/541310
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:065
- https://bugzilla.fedora.us/show_bug.cgi?id=1737
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16387
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.