CVE-2003-0132

Current Description

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

Basic Data

PublishedApril 11, 2003
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationApacheHttp Server2.0*******
    2.3ApplicationApacheHttp Server2.0.9*******
    2.3ApplicationApacheHttp Server2.0.28*******
    2.3ApplicationApacheHttp Server2.0.32*******
    2.3ApplicationApacheHttp Server2.0.35*******
    2.3ApplicationApacheHttp Server2.0.36*******
    2.3ApplicationApacheHttp Server2.0.37*******
    2.3ApplicationApacheHttp Server2.0.38*******
    2.3ApplicationApacheHttp Server2.0.39*******
    2.3ApplicationApacheHttp Server2.0.40*******
    2.3ApplicationApacheHttp Server2.0.41*******
    2.3ApplicationApacheHttp Server2.0.42*******
    2.3ApplicationApacheHttp Server2.0.43*******
    2.3ApplicationApacheHttp Server2.0.44*******

Vulnerable Software List

VendorProductVersions
Apache Http Server 2.0, 2.0.28, 2.0.32, 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.0.41, 2.0.42, 2.0.43, 2.0.44, 2.0.9

References

NameSourceURLTags
http://lists.apple.com/mhonarc/security-announce/msg00028.htmlhttp://lists.apple.com/mhonarc/security-announce/msg00028.htmlCONFIRM
20030402 [ANNOUNCE] Apache 2.0.45 Releasedhttp://marc.info/?l=bugtraq&m=104931360606484&w=2BUGTRAQ
20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.xhttp://marc.info/?l=bugtraq&m=104982175321731&w=2BUGTRAQ
20030409 GLSA: apache (200304-01)http://marc.info/?l=bugtraq&m=104994239010517&w=2BUGTRAQ
20030408 Exploit Code Released for Apache 2.x Memory Leakhttp://marc.info/?l=bugtraq&m=104994309010974&w=2BUGTRAQ
20030410 working apache <= 2.0.44 DoS exploit for linux.http://marc.info/?l=bugtraq&m=105001663120995&w=2BUGTRAQ
20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Servicehttp://marc.info/?l=bugtraq&m=105013378320711&w=2BUGTRAQ
34920http://secunia.com/advisories/34920SECUNIA
8499http://secunia.com/advisories/8499SECUNIA
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147MISC
http://www.idefense.com/advisory/04.08.03.txthttp://www.idefense.com/advisory/04.08.03.txtMISC
VU#206537http://www.kb.cert.org/vuls/id/206537CERT-VNUS Government Resource
RHSA-2003:139http://www.redhat.com/support/errata/RHSA-2003-139.htmlREDHAT
ADV-2009-1233http://www.vupen.com/english/advisories/2009/1233VUPEN
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3CcvsMLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3CcvsMLIST
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3CcvMLIST
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3CcvMLIST
oval:org.mitre.oval:def:156https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A156OVAL