The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

The remote host is using a version of the Apache web server that is less than 2.0.50.  This version is vulnerable to two (2) remote Denial of Service (DoS) attacks.  The first issue stems from a failure to properly manage memory and could lead to the consumption of massive amounts of memory and, alledgedly,a potential heap overflow.  The second issue stems from mod_ssl's inability to handle sessions that terminate before any bytes of data have been sent.  This second flaw results in a memory violation that leads to a loss of availability to valid users. 

The remote host is missing Apple's Security Update 2004-09-07. This security update fixes the following components: CoreFoundation, IPSec, Kerberos, libpcap, lukemftpd, NetworkConfig, OpenLDAP, OpenSSH, PPPDialer, rsync, Safari and tcpdump

The remote host is missing Security Update 2004-09-07.  This security update fixes the following components :

  - CoreFoundation
  - IPSec
  - Kerberos
  - libpcap
  - lukemftpd
  - NetworkConfig
  - OpenLDAP
  - OpenSSH
  - PPPDialer
  - rsync
  - Safari
  - tcpdump

These applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.

The remote host is affected by the vulnerability described in GLSA-200407-03 (Apache 2: Remote denial of service attack)

    A bug in the protocol.c file handling header lines will cause Apache to     allocate memory for header lines starting with TAB or SPACE.
  Impact :

    An attacker can exploit this vulnerability to perform a Denial of Service     attack by causing Apache to exhaust all memory. On 64 bit systems with more     than 4GB of virtual memory a possible integer signedness error could lead     to a buffer based overflow causing Apache to crash and under some     circumstances execute arbitrary code as the user running Apache, usually     'apache'.
  Workaround :

    There is no known workaround at this time. All users are encouraged to     upgrade to the latest available version:

The remote host appears to be running a version of Apache 2.x that is older than 2.0.50.  There is denial of service in Apache httpd 2.0.x by sending a specially crafted HTTP request.  It is possible to consume arbitrary amounts of memory.  On 64 bit systems with more than 4GB virtual memory this may lead to heap based buffer overflow. 

A Denial of Service (Dos) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow.

The updated packages contain a patch from the ASF to correct the problem.

It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ('service httpd stop' and 'service httpd start' respectively).

Updated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available.

The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.

A stack-based buffer overflow was discovered in mod_ssl that could be triggered if using the FakeBasicAuth option. If mod_ssl was sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow occured if FakeBasicAuth had been enabled. In order to exploit this issue the carefully crafted malicious certificate would have had to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue.

A remotely triggered memory leak in the Apache HTTP Server earlier than version 2.0.50 was also discovered. This allowed a remote attacker to perform a denial of service attack against the server by forcing it to consume large amounts of memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0493 to this issue.

Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.

The remote host appears to be running a version of Apache 2.x that is prior to 2.0.50. It is, therefore, affected by a denial of service vulnerability that can be triggered by sending a specially crafted HTTP request, which results in the consumption of an arbitrary amount of memory. On 64-bit systems with more than 4GB virtual memory, this may lead to a heap based buffer overflow.

There is also a denial of service vulnerability in mod_ssl's 'ssl_io_filter_cleanup' function. By sending a request to a vulnerable server over SSL and closing the connection before the server can send a response, an attacker can cause a memory violation that crashes the server.

The remote host is using a version of the Apache web server that is less than 2.0.50.  This version is vulnerable to two (2) remote Denial of Service (DoS) attacks.  The first issue stems from a failure to properly manage memory and could lead to the consumption of massive amounts of memory and, alledgedly,a potential heap overflow.  The second issue stems from mod_ssl's inability to handle sessions that terminate before any bytes of data have been sent.  This second flaw results in a memory violation that leads to a loss of availability to valid users.

The remote host appears to be running a version of Apache 2.x that is older than 2.0.50.  There is denial of service in Apache httpd 2.0.x by sending a specially crafted HTTP request.  It is possible to consume arbitrary amounts of memory.  On 64 bit systems with more than 4GB virtual memory this may lead to heap based buffer overflow.

ID	Name	Product	Family	Severity
2744	Apache < 2.0.50 Input Header Folding and mod_ssl DoS	Nessus Network Monitor	Web Servers	medium
2274	Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)	Nessus Network Monitor	Web Clients	medium
14676	Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)	Nessus	MacOS X Local Security Checks	high
14536	GLSA-200407-03 : Apache 2: Remote denial of service attack	Nessus	Gentoo Local Security Checks	medium
1237	Apache Input Header Folding Remote DoS	Nessus Network Monitor	Web Servers	medium
14163	Mandrake Linux Security Advisory : apache2 (MDKSA-2004:064)	Nessus	Mandriva Local Security Checks	medium
12636	RHEL 3 : httpd (RHSA-2004:342)	Nessus	Red Hat Local Security Checks	high
12293	Apache 2.x < 2.0.50 Multiple Remote DoS	Nessus	Web Servers	medium
800802	Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)	Log Correlation Engine	Operating System Detection	high
800578	Apache < 2.0.50 Input Header Folding and mod_ssl DoS	Log Correlation Engine	Web Servers	medium
800575	Apache Input Header Folding Remote DoS	Log Correlation Engine	Web Servers	medium

Detections

Analytics

CVE-2004-0493

high

Tenable Plugins

medium

medium

high

medium

medium

medium

high

medium

high

medium

medium