CVE-2004-0751 – Apache mod_ssl 2.0.x - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2004-0751
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). La función char_buffer_read en el módulo mod_ssl de Apache 2.x, cuando se usa un proxy inverso con un servidor SSL, permite a atacantes remotos causar una denegación de permiso (fallo de segmentación). • https://www.exploit-db.com/exploits/24590 http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 http://www.novell.com/linux/security/advisories/2004_30_apache2.html http://www.redhat.com/support/errata/RHSA-2004-463.html http://www.trustix.org/errata/2004/0047 https:/ •
CVE-2004-0748
https://notcve.org/view.php?id=CVE-2004-0748
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. mod_ssl en Apache 2.0.50 y anteriores permite a atacantes remotos causar un denegación de servicio (consuminción de CPU) abortando un conexión SSL de cierta manera que causa que un proceso hijo de apache entre en un bucle infinito. • http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 http://www.novell.com/linux/security/advisories/2004_30_apache2.html http://www.redhat.com/support/errata/RHSA-2004-349.html http://www.trustix.org/errata/2004/0047 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750 https://exchange.xforce.ibmcloud.com/vulnerabilities/17200 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936a • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2004-0493 – Apache - Arbitrary Long HTTP Headers Denial of Service
https://notcve.org/view.php?id=CVE-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. La función ap_get_mime_headers_core de Apache httpd 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) y posiblemente un error de entero sin signo que conduce a un desbordamiento de búfer basado en el montón en en sistemas de 64 bits, mediante líneas de cabecera largas con muchos caractéres espacio o tabulador. • https://www.exploit-db.com/exploits/371 https://www.exploit-db.com/exploits/360 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html http://marc.info/?l=bugtraq&m=108853066800184&w=2 http://marc.info/?l=bugtraq&m=109181600614477&w=2 http://security.gentoo.org/glsa/glsa-200407-03.xml http://www.apacheweek.com/features/security-20 http://www.guninski.com/httpd1.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:064 http://www.r •
CVE-2004-0488 – mod_ssl ssl_util_uuencode_binary CA issue
https://notcve.org/view.php?id=CVE-2004-0488
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. Desbordamiento de búfer basado en la pila en la función ssl_util_uuencode_binary en ssl_util.c de mod_ssl de Apache cuando se configura mod_ssl para que confie en la Autoridad Certificadora emisora, puede permitir a atacantes remotos ejecutar código arbitrario mediante un certificado de cliente con un DN de asunto grande. • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021610.html http://marc.info/?l=bugtraq&m=108567431823750&w=2 http://marc.info/?l=bugtraq&m=108619129727620&w=2 http://marc.info/?l=bugtraq&m=109181600614477&w=2 http://marc.info/?l=bugtraq&m=109215056218824&w=2 http://rhn.redhat.com/errata/RHSA-2004-245.html http://security.gentoo.org/glsa/glsa-200406-05.xml http://www.de • CWE-787: Out-of-bounds Write •
CVE-2004-1834
https://notcve.org/view.php?id=CVE-2004-1834
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. • http://marc.info/?l=bugtraq&m=107981737322495&w=2 http://secunia.com/advisories/11176 http://secunia.com/advisories/19072 http://securitytracker.com/id?1009509 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.osvdb.org/4446 http://www.redhat.com/support/errata/RHSA-2004-562.html http://www.securityfocus.com/bid/9933 http://www.vupen.com/english/advisories/2006/0789 https:/ •