CVE-2004-0493

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

Published: Aug 6, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0493
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
trustix / secure_linux	2.0	2.0.x
avaya / converged_communications_server	2.0	2.0.x
trustix / secure_linux	1.5	1.5.x
gentoo / linux	1.4	1.4.x
trustix / secure_linux	2.1	2.1.x
apache / http_server	2.0.47	2.0.47.x
ibm / http_server	2.0.42.1	2.0.42.1.x
avaya / s8300	r2.0.0	r2.0.0.x
apache / http_server	2.0.49	2.0.49.x
ibm / http_server	2.0.42	2.0.42.x
ibm / http_server	2.0.47.1	2.0.47.1.x
apache / http_server	2.0.48	2.0.48.x
ibm / http_server	2.0.42.2	2.0.42.2.x
avaya / s8700	r2.0.0	r2.0.0.x
avaya / s8500	r2.0.0	r2.0.0.x
ibm / http_server	2.0.47	2.0.47.x

Vulnerability Database

289,571

CVE-2004-0493