// For flags

CVE-2005-2728

Ubuntu Security Notice 177-1

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.

A flaw was discovered in mod_ssl's handling of the SSLVerifyClient directive. This flaw occurs if a virtual host is configured using SSLVerifyClient optional and a directive SSLVerifyClient required is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-08-29 CVE Reserved
  • 2005-08-29 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-08-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (54)
URL Tag Source
http://secunia.com/advisories/16705 Third Party Advisory
http://secunia.com/advisories/16714 Third Party Advisory
http://secunia.com/advisories/16743 Third Party Advisory
http://secunia.com/advisories/16746 Third Party Advisory
http://secunia.com/advisories/16753 Third Party Advisory
http://secunia.com/advisories/16754 Third Party Advisory
http://secunia.com/advisories/16769 Third Party Advisory
http://secunia.com/advisories/16789 Third Party Advisory
http://secunia.com/advisories/16956 Third Party Advisory
http://secunia.com/advisories/17036 Third Party Advisory
http://secunia.com/advisories/17288 Third Party Advisory
http://secunia.com/advisories/17600 Third Party Advisory
http://secunia.com/advisories/17831 Third Party Advisory
http://secunia.com/advisories/17923 Third Party Advisory
http://secunia.com/advisories/18161 Third Party Advisory
http://secunia.com/advisories/18333 Third Party Advisory
http://secunia.com/advisories/18517 Third Party Advisory
http://secunia.com/advisories/19072 Third Party Advisory
http://securityreason.com/securityalert/604 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm X_refsource_confirm
http://www.vupen.com/english/advisories/2006/0789 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/22006 Vdb Entry
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10017 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1246 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1727 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A760 Signature
URL Date SRC
URL Date SRC
http://issues.apache.org/bugzilla/show_bug.cgi?id=29962 2023-11-07
http://www.gentoo.org/security/en/glsa/glsa-200508-15.xml 2023-11-07
http://www.securityfocus.com/bid/14660 2023-11-07
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U 2023-11-07
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html 2023-11-07
http://secunia.com/advisories/16559 2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 2023-11-07
http://www.debian.org/security/2005/dsa-805 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2005:161 2023-11-07
http://www.novell.com/linux/security/advisories/2005_51_apache2.html 2023-11-07
http://www.novell.com/linux/security/advisories/2005_52_apache2.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2005-608.html 2023-11-07
http://www.securityfocus.com/archive/1/428138/100/0/threaded 2023-11-07
http://www.ubuntu.com/usn/usn-177-1 2023-11-07
https://access.redhat.com/security/cve/CVE-2005-2728 2005-09-06
https://bugzilla.redhat.com/show_bug.cgi?id=1617753 2005-09-06
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0
Search vendor "Apache" for product "Http Server" and version "2.0"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.9
Search vendor "Apache" for product "Http Server" and version "2.0.9"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.28
Search vendor "Apache" for product "Http Server" and version "2.0.28"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.28
Search vendor "Apache" for product "Http Server" and version "2.0.28"
beta
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.32
Search vendor "Apache" for product "Http Server" and version "2.0.32"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.35
Search vendor "Apache" for product "Http Server" and version "2.0.35"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.36
Search vendor "Apache" for product "Http Server" and version "2.0.36"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.37
Search vendor "Apache" for product "Http Server" and version "2.0.37"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.38
Search vendor "Apache" for product "Http Server" and version "2.0.38"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.39
Search vendor "Apache" for product "Http Server" and version "2.0.39"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.40
Search vendor "Apache" for product "Http Server" and version "2.0.40"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.41
Search vendor "Apache" for product "Http Server" and version "2.0.41"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.42
Search vendor "Apache" for product "Http Server" and version "2.0.42"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.43
Search vendor "Apache" for product "Http Server" and version "2.0.43"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.44
Search vendor "Apache" for product "Http Server" and version "2.0.44"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.45
Search vendor "Apache" for product "Http Server" and version "2.0.45"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.46
Search vendor "Apache" for product "Http Server" and version "2.0.46"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.47
Search vendor "Apache" for product "Http Server" and version "2.0.47"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.48
Search vendor "Apache" for product "Http Server" and version "2.0.48"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.49
Search vendor "Apache" for product "Http Server" and version "2.0.49"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.50
Search vendor "Apache" for product "Http Server" and version "2.0.50"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.51
Search vendor "Apache" for product "Http Server" and version "2.0.51"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.52
Search vendor "Apache" for product "Http Server" and version "2.0.52"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 2.0.53
Search vendor "Apache" for product "Http Server" and version "2.0.53"
-
Affected