CVE-2004-0113

Current Description

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

Basic Data

Published: March 29, 2004
Last Modified: October 10, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
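    | CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Apache | Http Server | 2.0.35 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.36 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.37 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.38 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.39 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.40 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.41 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.42 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.43 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.44 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.45 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.46 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.47 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache | Http Server | 2.0.48 | * | * | * | * | * | * | * | | | | |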

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.0.41, 2.0.42, 2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48 |

References

| Name | URL | Source | Tags |
|---|---|---|---|
| CLSA-2004:839 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839 | CONECTIVA | |
| http://issues.apache.org/bugzilla/show_bug.cgi?id=27106 | http://issues.apache.org/bugzilla/show_bug.cgi?id=27106 | MISC | |
| [apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c | http://marc.info/?l=apache-cvs&m=107869699329638 | MLIST | |
| 20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48 | http://marc.info/?l=bugtraq&m=108034113406858&w=2 | BUGTRAQ | |
| APPLE-SA-2004-05-03 | http://marc.info/?l=bugtraq&m=108369640424244&w=2 | APPLE | |
| SSRT4717 | http://marc.info/?l=bugtraq&m=108731648532365&w=2 | HP | |
| GLSA-200403-04 | http://security.gentoo.org/glsa/glsa-200403-04.xml | GENTOO | |
| http://www.apacheweek.com/features/security-20 | http://www.apacheweek.com/features/security-20 | CONFIRM | Vendor Advisory |
| MDKSA-2004:043 | http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043 | MANDRAKE | |
| 4182 | http://www.osvdb.org/4182 | OSVDB | |
| RHSA-2004:084 | http://www.redhat.com/support/errata/RHSA-2004-084.html | REDHAT | |
| RHSA-2004:182 | http://www.redhat.com/support/errata/RHSA-2004-182.html | REDHAT | |
| 9826 | http://www.securityfocus.com/bid/9826 | BID | PATCH Vendor Advisory |
| 2004-0017 | http://www.trustix.org/errata/2004/0017 | TRUSTIX | |
| apache-modssl-plain-dos(15419) | https://exchange.xforce.ibmcloud.com/vulnerabilities/15419 | XF | |
| [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs | MLIST | |
| [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs | MLIST | |
| [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccv | MLIST | |
| [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccv | MLIST | |
| oval:org.mitre.oval:def:876 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A876 | OVAL | |