CVE-2004-0113

Apache HTTP Server < 2.0.49 - Denial of Service via Plain HTTP Requests to SSL Port

Title source: llm
STIX 2.1

Description

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

References (29)

Core 29
Core References
Mailing List vendor-advisory x_refsource_apple
http://marc.info/?l=bugtraq&m=108369640424244&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108034113406858&w=2
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=108731648532365&w=2
Vendor Advisory x_refsource_confirm
http://www.apacheweek.com/features/security-20
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A876
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-182.html
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9826
Vendor Advisory vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2004/0017
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-084.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200403-04.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15419
Various Sources vendor-advisory x_refsource_mandrake
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/4182
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=apache-cvs&m=107869699329638

Scores

EPSS 0.0990
EPSS Percentile 95.0%

Details

Status published
Products (14)
apache/http_server 2.0.35
apache/http_server 2.0.36
apache/http_server 2.0.37
apache/http_server 2.0.38
apache/http_server 2.0.39
apache/http_server 2.0.40
apache/http_server 2.0.41
apache/http_server 2.0.42
apache/http_server 2.0.43
apache/http_server 2.0.44
... and 4 more
Published Mar 29, 2004
Tracked Since Feb 18, 2026