CVE-2004-0493
CVE-2004-0493 is a vulnerability of currently unknown severity. The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64-bit systems, via long header lines with large numbers of space or tab characters. EPSS estimates a 84.78% chance of exploitation in the next 30 days.
Description
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64-bit systems, via long header lines with large numbers of space or tab characters.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Converged Communications Server | 2.0 |
| Gentoo | Linux | 1.4 |
| Trustix | Secure Linux | 1.5 |
| Trustix | Secure Linux | 2.0 |
| Trustix | Secure Linux | 2.1 |
| Apache | HTTP Server | 2.0.47 |
| Apache | HTTP Server | 2.0.48 |
| Apache | HTTP Server | 2.0.49 |
| IBM | HTTP Server | 2.0.42 |
| IBM | HTTP Server | 2.0.42.1 |
| IBM | HTTP Server | 2.0.42.2 |
| IBM | HTTP Server | 2.0.47 |
| IBM | HTTP Server | 2.0.47.1 |
| Avaya | S8300 | r2.0.0 |
| Avaya | S8500 | r2.0.0 |
| Avaya | S8700 | r2.0.0 |
References
- http://www.securityfocus.com/bid/10619 (Exploit, Patch, Vendor Advisory)
Source: NVD / NIST
