CVE-2004-0492

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

Published: Aug 6, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0492
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
hp / webproxy	2.0	2.0.x
hp / virtualvault	11.0.4	11.0.4.x
apache / http_server	1.3.27	1.3.27.x
ibm / http_server	1.3.28	1.3.28.x
apache / http_server	1.3.28	1.3.28.x
apache / http_server	1.3.31	1.3.31.x
hp / webproxy	2.1	2.1.x
ibm / http_server	1.3.26.1	1.3.26.1.x
apache / http_server	1.3.26	1.3.26.x
apache / http_server	1.3.29	1.3.29.x
sgi / propack	2.4	2.4.x
ibm / http_server	1.3.26	1.3.26.x
ibm / http_server	1.3.26.2	1.3.26.2.x
hp / vvos	11.04	11.04.x
openbsd / openbsd	3.5	3.5.x
openbsd / openbsd	-	-
openbsd / openbsd	3.4	3.4.x

Vulnerability Database

289,571

CVE-2004-0492