Apache Input Header Folding Remote DoS

medium Nessus Network Monitor Plugin ID 1237

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host appears to be running a version of Apache 2.x that is older than 2.0.50. Apache httpd 2.0.x is vulnerable to a denial of service that can be triggered by sending a specially crafted HTTP request, which makes it possible to consume arbitrary amounts of memory. On 64-bit systems with more than 4GB of virtual memory, this may lead to a heap-based buffer overflow.

Solution

Upgrade to the most recent version of Apache.

See Also

http://www.guninski.com/httpd1.html

Plugin Details

Severity: Medium

ID: 1237

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 12293

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server

Reference Information

CVE: CVE-2004-0493

BID: 12877, 10619