Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS)

Medium Nessus Plugin ID 14748


The remote web server is affected by multiple vulnerabilities.


According to its Server response header, the remote host is running a version of Apache 2.0.x prior to 2.0.51. It is, therefore, affected by multiple vulnerabilities :

- An input validation issue in apr-util can be triggered by malformed IPv6 literal addresses and result in a buffer overflow (CVE-2004-0786).

- There is a buffer overflow that can be triggered when expanding environment variables during configuration file parsing (CVE-2004-0747).

- A segfault in mod_dav_ds when handling an indirect lock refresh can lead to a process crash (CVE-2004-0809).

- A segfault in the SSL input filter can be triggered if using 'speculative' mode by, for instance, a proxy request to an SSL server (CVE-2004-0751).

- There is the potential for an infinite loop in mod_ssl (CVE-2004-0748).


Upgrade to Apache 2.0.51 or later.

See Also



Plugin Details

Severity: Medium

ID: 14748

File Name: apache_2_0_51.nasl

Version: 1.30

Type: remote

Family: Web Servers

Published: 2004/09/16

Updated: 2018/11/15

Dependencies: 48204

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.1

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 5.6

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: installed_sw/Apache

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2004/07/08

Reference Information

CVE: CVE-2004-0747, CVE-2004-0748, CVE-2004-0751, CVE-2004-0786, CVE-2004-0809

BID: 11185, 11187