Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839
http://issues.apache.org/bugzilla/show_bug.cgi?id=27106
http://marc.info/?l=apache-cvs&m=107869699329638
http://marc.info/?l=bugtraq&m=108034113406858&w=2
http://marc.info/?l=bugtraq&m=108369640424244&w=2
http://marc.info/?l=bugtraq&m=108731648532365&w=2
http://security.gentoo.org/glsa/glsa-200403-04.xml
http://www.apacheweek.com/features/security-20
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043
http://www.redhat.com/support/errata/RHSA-2004-084.html
http://www.redhat.com/support/errata/RHSA-2004-182.html
http://www.securityfocus.com/bid/9826
http://www.trustix.org/errata/2004/0017
https://exchange.xforce.ibmcloud.com/vulnerabilities/15419
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A876
Source: MITRE
Published: 2004-03-29
Updated: 2017-10-10
Type: NVD-CWE-Other
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
OR
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
36300 | FreeBSD : Apache 2 mod_ssl denial-of-service (492f8896-70fa-11d8-873f-0020ed76ef5a) | Nessus | FreeBSD Local Security Checks | medium |
17534 | HP-UX PHSS_30650 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17533 | HP-UX PHSS_30649 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17532 | HP-UX PHSS_30648 : s700_800 11.04 Virtualvault 4.5 OWS update | Nessus | HP-UX Local Security Checks | medium |
17531 | HP-UX PHSS_30646 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17530 | HP-UX PHSS_30645 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17529 | HP-UX PHSS_30644 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17528 | HP-UX PHSS_30643 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17527 | HP-UX PHSS_30642 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17526 | HP-UX PHSS_30641 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17525 | HP-UX PHSS_30640 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17071 | HP-UX PHSS_30639 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
17070 | HP-UX PHSS_30647 : s700_800 11.04 Virtualvault 4.5 IWS Update | Nessus | HP-UX Local Security Checks | medium |
14455 | GLSA-200403-04 : Multiple security vulnerabilities in Apache 2 | Nessus | Gentoo Local Security Checks | medium |
1205 | Apache HTTP Server < 2.0.49 mod_ssl Plain HTTP Request DoS | Nessus Network Monitor | Web Servers | high |
14142 | Mandrake Linux Security Advisory : apache2 (MDKSA-2004:043) | Nessus | Mandriva Local Security Checks | medium |
12525 | FreeBSD : Apache 2 mod_ssl denial-of-service (12) | Nessus | FreeBSD Local Security Checks | medium |
12518 | Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03) | Nessus | MacOS X Local Security Checks | high |
12473 | RHEL 3 : httpd (RHSA-2004:084) | Nessus | Red Hat Local Security Checks | medium |
12100 | Apache 2.0.x < 2.0.49 mod_ssl Plain HTTP Request DoS | Nessus | Web Servers | medium |
800551 | Apache HTTP Server < 2.0.49 mod_ssl Plain HTTP Request DoS | Log Correlation Engine | Web Servers | medium |