CVE-2004-0174

medium

Description

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

References

http://www.redhat.com/support/errata/RHSA-2004-405.html

http://www.trustix.org/errata/2004/0027

http://security.gentoo.org/glsa/glsa-200405-22.xml

http://www.kb.cert.org/vuls/id/132110

http://secunia.com/advisories/11170

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1

http://www.securityfocus.com/bid/9921

http://www.securitytracker.com/alerts/2004/Mar/1009495.html

http://www.apache.org/dist/httpd/CHANGES_1.3

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1

http://www.mandriva.com/security/advisories?name=MDKSA-2004:046

http://marc.info/?l=bugtraq&m=108066914830552&w=2

http://marc.info/?l=bugtraq&m=108369640424244&w=2

http://marc.info/?l=bugtraq&m=108731648532365&w=2

http://marc.info/?l=bugtraq&m=107973894328806&w=2

http://marc.info/?l=bugtraq&m=108437852004207&w=2

https://exchange.xforce.ibmcloud.com/vulnerabilities/15540

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1982

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100110

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2004-05-04

Updated: 2021-06-06

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.0.49 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 18787 | Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01) | Nessus | Slackware Local Security Checks | high |
| 17534 | HP-UX PHSS_30650 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17533 | HP-UX PHSS_30649 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17532 | HP-UX PHSS_30648 : s700_800 11.04 Virtualvault 4.5 OWS update | Nessus | HP-UX Local Security Checks | medium |
| 17531 | HP-UX PHSS_30646 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17530 | HP-UX PHSS_30645 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17529 | HP-UX PHSS_30644 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17528 | HP-UX PHSS_30643 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17527 | HP-UX PHSS_30642 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17526 | HP-UX PHSS_30641 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17525 | HP-UX PHSS_30640 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17071 | HP-UX PHSS_30639 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17070 | HP-UX PHSS_30647 : s700_800 11.04 Virtualvault 4.5 IWS Update | Nessus | HP-UX Local Security Checks | medium |
| 2444 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Nessus Network Monitor | Web Clients | high |
| 15898 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Nessus | MacOS X Local Security Checks | high |
| 15483 | Solaris 8 (x86) : 116974-07 | Nessus | Solaris Local Security Checks | critical |
| 15482 | Solaris 8 (sparc) : 116973-07 | Nessus | Solaris Local Security Checks | critical |
| 14508 | GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 14145 | Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1) | Nessus | Mandriva Local Security Checks | high |
| 13593 | Solaris 9 (x86) : 114145-12 | Nessus | Solaris Local Security Checks | critical |
| 13530 | Solaris 9 (sparc) : 113146-13 | Nessus | Solaris Local Security Checks | critical |
| 12518 | Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03) | Nessus | MacOS X Local Security Checks | high |
| 12280 | Apache < 1.3.31 / 2.0.49 Socket Connection Blocking Race Condition DoS | Nessus | Web Servers | medium |
| 800800 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Log Correlation Engine | Operating System Detection | medium |