Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
Gravité: : Medium
Identifiant(s) CVE: : CVE-2004-0493
Date du conseil: 21 juillet 2015
Description
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1000633
Trend Micro Deep Security DPI Rule Name: 1000633 - Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
Affected software and version:
- Apache Software Foundation Apache 2.0.47
- Apache Software Foundation Apache 2.0.48
- Apache Software Foundation Apache 2.0.49
- Avaya Converged Communications Server 2.0
- Avaya S8300 R2.0.0
- Avaya S8500 R2.0.0
- Avaya S8700 R2.0.0
- Gentoo Gentoo Linux 1.4
- IBM IBM HTTP Server 2.0.42
- IBM IBM HTTP Server 2.0.42 .1
- IBM IBM HTTP Server 2.0.42 .2
- IBM IBM HTTP Server 2.0.47
- IBM IBM HTTP Server 2.0.47 .1
- Trustix Secure Enterprise Linux 2.0
- Trustix Secure Linux 1.5
- Trustix Secure Linux 2.0
- Trustix Secure Linux 2.1