cvelistv5 - cve-2004-0174

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=107973894328806&w=2	Mailing List, Patch
cve@mitre.org	http://marc.info/?l=bugtraq&m=108066914830552&w=2	Mailing List, Patch
cve@mitre.org	http://marc.info/?l=bugtraq&m=108369640424244&w=2	Mailing List, Patch
cve@mitre.org	http://marc.info/?l=bugtraq&m=108437852004207&w=2	Mailing List
cve@mitre.org	http://marc.info/?l=bugtraq&m=108731648532365&w=2	Mailing List, Patch
cve@mitre.org	http://secunia.com/advisories/11170	Broken Link
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200405-22.xml	Third Party Advisory
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1	Broken Link
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1	Broken Link
cve@mitre.org	http://www.apache.org/dist/httpd/CHANGES_1.3	Broken Link
cve@mitre.org	http://www.kb.cert.org/vuls/id/132110	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2004:046	Patch, Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2004-405.html	Broken Link, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/9921	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/alerts/2004/Mar/1009495.html	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643	Mailing List, Patch
cve@mitre.org	http://www.trustix.org/errata/2004/0027	Broken Link
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/15540	Third Party Advisory, VDB Entry
cve@mitre.org	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List, Patch
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100110	Broken Link
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1982	Broken Link

▼	Vendor	Product
	n/a	n/a

gsd-2004-0174

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

Aliases

CVE-2004-0174

Aliases

CVE-2004-0174

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-0174",
    "description": "Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a \"short-lived connection on a rarely-accessed listening socket.\"",
    "id": "GSD-2004-0174",
    "references": [
      "https://www.suse.com/security/cve/CVE-2004-0174.html",
      "https://access.redhat.com/errata/RHSA-2004:405"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-0174"
      ],
      "details": "Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a \"short-lived connection on a rarely-accessed listening socket.\"",
      "id": "GSD-2004-0174",
      "modified": "2023-12-13T01:22:54.638286Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-0174",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a \"short-lived connection on a rarely-accessed listening socket.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "apache-socket-starvation-dos(15540)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15540"
          },
          {
            "name": "1009495",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/alerts/2004/Mar/1009495.html"
          },
          {
            "name": "57628",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1"
          },
          {
            "name": "RHSA-2004:405",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"
          },
          {
            "name": "http://www.apache.org/dist/httpd/CHANGES_1.3",
            "refsource": "CONFIRM",
            "url": "http://www.apache.org/dist/httpd/CHANGES_1.3"
          },
          {
            "name": "APPLE-SA-2004-05-03",
            "refsource": "APPLE",
            "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:100110",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100110"
          },
          {
            "name": "101555",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1"
          },
          {
            "name": "9921",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/9921"
          },
          {
            "name": "SSRT4717",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=108731648532365\u0026w=2"
          },
          {
            "name": "20040319 [ANNOUNCE] Apache HTTP Server 2.0.49 Released (fwd)",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=107973894328806\u0026w=2"
          },
          {
            "name": "MDKSA-2004:046",
            "refsource": "MANDRAKE",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:046"
          },
          {
            "name": "11170",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/11170"
          },
          {
            "name": "2004-0027",
            "refsource": "TRUSTIX",
            "url": "http://www.trustix.org/errata/2004/0027"
          },
          {
            "name": "oval:org.mitre.oval:def:1982",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1982"
          },
          {
            "name": "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=108437852004207\u0026w=2"
          },
          {
            "name": "SSA:2004-133",
            "refsource": "SLACKWARE",
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.529643"
          },
          {
            "name": "GLSA-200405-22",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200405-22.xml"
          },
          {
            "name": "2004-0017",
            "refsource": "TRUSTIX",
            "url": "http://marc.info/?l=bugtraq\u0026m=108066914830552\u0026w=2"
          },
          {
            "name": "VU#132110",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/132110"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "51C2F62A-81F4-49AC-B83F-9A0FDF54FF2C",
                    "versionEndIncluding": "2.0.49",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a \"short-lived connection on a rarely-accessed listening socket.\""
          },
          {
            "lang": "es",
            "value": "Apache anteriores 2.0.49, cuando usa m\u00faltiples sockets en escucha en ciertas plataformas, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de nuevas conexiones) mediante una \"conexi\u00f3n de vida corta en un socket en escucha raramente accedido."
          }
        ],
        "id": "CVE-2004-0174",
        "lastModified": "2024-02-15T20:37:56.673",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2004-05-04T04:00:00.000",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107973894328806\u0026w=2"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108066914830552\u0026w=2"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108437852004207\u0026w=2"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108731648532365\u0026w=2"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://secunia.com/advisories/11170"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200405-22.xml"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.apache.org/dist/httpd/CHANGES_1.3"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "http://www.kb.cert.org/vuls/id/132110"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:046"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Patch",
              "Vendor Advisory"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/9921"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securitytracker.com/alerts/2004/Mar/1009495.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.529643"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.trustix.org/errata/2004/0027"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15540"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100110"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1982"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vendorComments": [
          {
            "comment": "Not vulnerable.  This issue did not affect Linux.",
            "lastModified": "2006-08-30T00:00:00",
            "organization": "Red Hat"
          },
          {
            "comment": "Fixed in Apache HTTP Server 2.0.49, and 1.3.31:\nhttp://httpd.apache.org/security/vulnerabilities_20.html\nhttp://httpd.apache.org/security/vulnerabilities_13.html",
            "lastModified": "2008-07-02T00:00:00",
            "organization": "Apache"
          }
        ],
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-667"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

rhsa-2004_405

Vulnerability from csaf_redhat

Published

2004-07-23 09:26

Modified

2024-11-21 23:08

Summary

Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold

Notes

Topic

Updated versions of cross-platform Stronghold that fix security issues in mod_ssl, PHP, and the Apache HTTP Server are now available.

Details

Stronghold 4 contains a number of open source technologies, including PHP, mod_ssl and the Apache HTTP Server. Stefan Esser discovered a flaw when the memory_limit configuration setting was enabled in PHP 4 versions prior to 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0594 to this issue. It may be possible to exploit this issue if using a non-default PHP configuration with the "register_defaults" setting is changed to "On". Red Hat does not believe that this flaw is exploitable in the default configuration of Stronghold 4. Stefan Esser discovered a flaw in the strip_tags function in versions of PHP prior to 4.3.8. The strip_tags function is commonly used by PHP scripts to prevent cross-site scripting attacks by removing HTML tags from user-supplied form data. By embedding NUL bytes into form data, HTML tags can in some cases be passed intact through the strip_tags function, which may allow a cross-site scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to this issue. A stack buffer overflow was discovered in mod_ssl which can be triggered if using the FakeBasicAuth option. If mod_ssl is sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow can occur if FakeBasicAuth has been enabled. In order to exploit this issue, the carefully crafted malicious certificate would have to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0488 to this issue. A format string issue was discovered in mod_ssl which can be triggered if mod_ssl is configured to allow a client to proxy to remote SSL sites. If mod_ssl is forced to connect to a remote SSL server using a carefully crafted hostname, an attacker may be able to crash an Apache child process. This issue is not known to allow arbitrary execution of code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0700 to this issue. A denial of service issue was discovered which affects versions of the Apache HTTP Server prior to 1.3.30. On some platforms, when Apache is configured with multiple listening sockets, a short-lived connection to one socket may temporarily block new connections to other sockets. This issue does not affect Stronghold if running on Linux, FreeBSD or HP-UX platforms. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0174 to this issue. Users of Stronghold 4 cross-platform are advised to update to these errata versions, which contain backported security fixes and are not vulnerable to these issues.

Terms of Use

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of cross-platform Stronghold that fix security issues in\nmod_ssl, PHP, and the Apache HTTP Server are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nPHP, mod_ssl and the Apache HTTP Server.\n\nStefan Esser discovered a flaw when the memory_limit configuration setting\nwas enabled in PHP 4 versions prior to 4.3.8. If a remote attacker could\nforce the PHP interpreter to allocate more memory than the memory_limit\nsetting before script execution begins, then the attacker may be able to\nsupply the contents of a PHP hash table remotely. This hash table could\nthen be used to execute arbitrary code as the \u0027apache\u0027 user. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0594 to this issue.\n\nIt may be possible to exploit this issue if using a non-default PHP\nconfiguration with the \"register_defaults\" setting is changed to \"On\".  Red\nHat does not believe that this flaw is exploitable in the default\nconfiguration of Stronghold 4.\n\nStefan Esser discovered a flaw in the strip_tags function in versions of\nPHP prior to 4.3.8. The strip_tags function is commonly used by PHP scripts\nto prevent cross-site scripting attacks by removing HTML tags from\nuser-supplied form data. By embedding NUL bytes into form data, HTML tags\ncan in some cases be passed intact through the strip_tags function, which\nmay allow a cross-site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to\nthis issue.\n\nA stack buffer overflow was discovered in mod_ssl which can be triggered if\nusing the FakeBasicAuth option. If mod_ssl is sent a client certificate\nwith a subject DN field longer than 6000 characters, a stack overflow can\noccur if FakeBasicAuth has been enabled. In order to exploit this issue,\nthe carefully crafted malicious certificate would have to be signed by a\nCertificate Authority which mod_ssl is configured to trust. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0488 to this issue.\n\nA format string issue was discovered in mod_ssl which can be triggered if \nmod_ssl is configured to allow a client to proxy to remote SSL sites. \nIf mod_ssl is forced to connect to a remote SSL server using a\ncarefully crafted hostname, an attacker may be able to crash an Apache\nchild process.  This issue is not known to allow arbitrary execution of\ncode.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0700 to this issue.\n\nA denial of service issue was discovered which affects versions of the\nApache HTTP Server prior to 1.3.30.  On some platforms, when Apache is\nconfigured with multiple listening sockets, a short-lived connection to\none socket may temporarily block new connections to other sockets.  This\nissue does not affect Stronghold if running on Linux, FreeBSD or HP-UX\nplatforms.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0174 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:405",
        "url": "https://access.redhat.com/errata/RHSA-2004:405"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "127703",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=127703"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_405.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T23:08:43+00:00",
      "generator": {
        "date": "2024-11-21T23:08:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:405",
      "initial_release_date": "2004-07-23T09:26:00+00:00",
      "revision_history": [
        {
          "date": "2004-07-23T09:26:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-07-23T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:08:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0174",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a \"short-lived connection on a rarely-accessed listening socket.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Not vulnerable.  This issue did not affect Linux.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0174"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0174",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0174"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0174",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0174"
        }
      ],
      "release_date": "2004-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0488",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430867"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_ssl ssl_util_uuencode_binary CA issue",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0488"
        },
        {
          "category": "external",
          "summary": "RHBZ#430867",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430867"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0488"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0488",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0488"
        }
      ],
      "release_date": "2004-05-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_ssl ssl_util_uuencode_binary CA issue"
    },
    {
      "cve": "CVE-2004-0594",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617233"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0594"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617233",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617233"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0594"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0594",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0594"
        }
      ],
      "release_date": "2004-07-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0595",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617234"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0595"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617234",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617234"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0595",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0595"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0595",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0595"
        }
      ],
      "release_date": "2004-07-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0700",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430866"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_proxy hook format string",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0700"
        },
        {
          "category": "external",
          "summary": "RHBZ#430866",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430866"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0700",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0700"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0700",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0700"
        }
      ],
      "release_date": "2004-07-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mod_proxy hook format string"
    }
  ]
}

ghsa-gvmp-gr98-mp6j

Vulnerability from github

Published

2022-04-29 02:57

Modified

2024-02-15 21:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-0174"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-05-04T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a \"short-lived connection on a rarely-accessed listening socket.\"",
  "id": "GHSA-gvmp-gr98-mp6j",
  "modified": "2024-02-15T21:31:23Z",
  "published": "2022-04-29T02:57:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0174"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100110"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1982"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15540"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=107973894328806\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=108066914830552\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=108369640424244\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=108437852004207\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=108731648532365\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/11170"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200405-22.xml"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1"
    },
    {
      "type": "WEB",
      "url": "http://www.apache.org/dist/httpd/CHANGES_1.3"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/132110"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:046"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/9921"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/alerts/2004/Mar/1009495.html"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.529643"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2004/0027"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2004-0174

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2004-0174

Vulnerability from cvelistv5

gsd-2004-0174

Vulnerability from gsd

rhsa-2004_405

Vulnerability from csaf_redhat

ghsa-gvmp-gr98-mp6j

Vulnerability from github

Tags

Sightings

Nomenclature