By Release Dates
Red Hat Advisories
Suse Linux Advisories
About & Contact
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.
Four issues have been discovered affecting releases of the Apache HTTP 2.0
Server, up to and including version 2.0.50:
Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util library.
If a remote attacker sent a request including a carefully crafted URI, an
httpd child process could be made to crash. This issue is not believed to
allow arbitrary code execution on Red Hat Enterprise Linux. This issue
also does not represent a significant denial of service attack as requests
will continue to be handled by other Apache child processes. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0786 to this issue.
The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
expansion of environment variables during configuration file parsing. This
issue could allow a local user to gain 'apache' privileges if an httpd
process can be forced to parse a carefully crafted .htaccess file written
by a local user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0747 to this issue.
An issue was discovered in the mod_ssl module which could be triggered if
the server is configured to allow proxying to a remote SSL server. A
malicious remote SSL server could force an httpd child process to crash by
sending a carefully crafted response header. This issue is not believed to
allow execution of arbitrary code. This issue also does not represent a
significant Denial of Service attack as requests will continue to be
handled by other Apache child processes. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0751 to
An issue was discovered in the mod_dav module which could be triggered for
a location where WebDAV authoring access has been configured. A malicious
remote client which is authorized to use the LOCK method could force an
httpd child process to crash by sending a particular sequence of LOCK
requests. This issue does not allow execution of arbitrary code. This
issue also does not represent a significant Denial of Service attack as
requests will continue to be handled by other Apache child processes. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0809 to this issue.
Users of the Apache HTTP server should upgrade to these updated packages,
which contain backported patches that address these issues.
Create Date: 2004-09-15 Last Update Date: 2004-09-15
unix (from OVAL definitions)
- Red Hat Enterprise Linux 3
OVAL Definitions By Referenced Objects
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is
MITRE's CVE web site
CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is
MITRE's CWE web site
OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is
MITRE's OVAL web site
Warning: This site and all data are provided as is.
It is not guaranteed that all information is accurate and complete.
Use any information provided on this site at your own risk.
By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete.
All trademarks appearing on this site are the property of their respective owners in the US or other countries.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
In no event shall the author/distributor/web site owner/maintainer be held liable for
any damages whatsoever arising out of or in connection with the use or spread of this information.