CVE-2003-0132

Apache HTTP Server 2.0.0-2.0.44 - Denial of Service via Large Linefeed Character Chunks

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0132. PoCs published by Daniel Nystram, Matthew Murphy.

AI-analyzed exploit summary This exploit sends a large buffer of carriage return and newline characters to an Apache server to trigger a memory leak DoS condition. It targets Apache versions up to 2.0.44 by overwhelming the server with malformed input.

Description

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Daniel Nystram · cdoslinux
https://www.exploit-db.com/exploits/11

This exploit sends a large buffer of carriage return and newline characters to an Apache server to trigger a memory leak DoS condition. It targets Apache versions up to 2.0.44 by overwhelming the server with malformed input.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apache <= 2.0.44
No auth needed
Prerequisites: Network access to the target Apache server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Matthew Murphy · cdoswindows
https://www.exploit-db.com/exploits/9

This exploit targets a memory leak vulnerability in Apache 2.x by sending repeated HTTP requests with excessive newlines, causing resource exhaustion. It is designed to test the vulnerability's impact across different platforms and MPMs.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apache 2.x
No auth needed
Prerequisites: Network access to the target Apache server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (27)

Core 27
Core References
Issue Tracking, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104994239010517&w=2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1233
Issue Tracking, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105013378320711&w=2
Third Party Advisory x_refsource_misc
http://www.idefense.com/advisory/04.08.03.txt
Issue Tracking, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104982175321731&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34920
Third Party Advisory vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A156
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/8499
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-139.html
Exploit, Issue Tracking, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105001663120995&w=2
Third Party Advisory x_refsource_confirm
http://lists.apple.com/mhonarc/security-announce/msg00028.html
Issue Tracking, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104931360606484&w=2
Issue Tracking, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104994309010974&w=2
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/206537

Scores

EPSS 0.8668
EPSS Percentile 99.7%

Details

CWE
CWE-772
Status published
Products (1)
apache/http_server 2.0.0 - 2.0.44
Published Apr 11, 2003
Tracked Since Feb 18, 2026