CVE-2004-0751

Apache HTTP Server 2.0.44-2.0.50 - Denial of Service in mod_ssl Reverse Proxy

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0751. PoCs published by M. _Alex_ Hankins.

AI-analyzed exploit summary This is a writeup describing a remote denial of service vulnerability in Apache 2.x mod_ssl, specifically in the 'char_buffer_read' function of 'ssl_engine_io.c'. The issue can be triggered by sending a specially crafted URI to a vulnerable server with a specific configuration.

Description

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

Exploits (1)

exploitdb WRITEUP VERIFIED
by M. _Alex_ Hankins · textdoslinux
https://www.exploit-db.com/exploits/24590

This is a writeup describing a remote denial of service vulnerability in Apache 2.x mod_ssl, specifically in the 'char_buffer_read' function of 'ssl_engine_io.c'. The issue can be triggered by sending a specially crafted URI to a vulnerable server with a specific configuration.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: Apache 2.0.50 (mod_ssl)
No auth needed
Prerequisites: Apache server with mod_ssl enabled · Specific configuration in httpd.conf (SSLProxyEngine, RewriteEngine, and RewriteRule) · Network access to the target server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (23)

Core 23
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-463.html
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2004_30_apache2.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17273
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
Broken Link vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2004/0047/
Broken Link vendor-advisory x_refsource_mandrake
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html

Scores

EPSS 0.6965
EPSS Percentile 99.3%

Details

Status published
Products (1)
apache/http_server 2.0.44 - 2.0.51
Published Oct 20, 2004
Tracked Since Feb 18, 2026