Apache Input Header Folding Remote DoS

medium Log Correlation Engine Plugin ID 800575


The remote host is vulnerable to a Denial of Service (DoS) attack


The remote host appears to be running a version of Apache 2.x that is older than 2.0.50. There is denial of service in Apache httpd 2.0.x by sending a specially crafted HTTP request. It is possible to consume arbitrary amounts of memory. On 64 bit systems with more than 4GB virtual memory this may lead to heap based buffer overflow.


Upgrade to most recent version of Apache.

See Also


Plugin Details

Severity: Medium

ID: 800575

Family: Web Servers

Nessus ID: 12293

Risk Information


Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Reference Information

CVE: CVE-2004-0493

BID: 12877, 10619