Apache Input Header Folding Remote DoS

Medium Nessus Network Monitor Plugin ID 1237

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host appears to be running a version of Apache 2.x that is older than 2.0.50. Apache httpd 2.0.x is affected by a denial of service flaw that can be triggered by sending a specially crafted HTTP request, which makes it possible to consume arbitrary amounts of memory. On 64-bit systems with more than 4 GB of virtual memory, this may lead to a heap-based buffer overflow.

Solution

Upgrade to the most recent version of Apache.

See Also

http://www.guninski.com/httpd1.html

Plugin Details

Severity: Medium

ID: 1237

File Name: 1237.prm

Family: Web Servers

Published: 2004/08/20

Modified: 2016/11/23

Dependencies: 3057

Nessus ID: 12293

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server

Reference Information

CVE: CVE-2004-0493

BID: 12877, 10619