CVE-2004-0786

Apache HTTP Server 2.0.35-2.0.50 - Denial of Service via IPv6 URI Parsing

Title source: llm
STIX 2.1

Description

The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.

References (20)

Core 20
Core References
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2004_32_apache2.html
Patch, Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-463.html
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12540
Broken Link vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2004/0047/
Broken Link vendor-advisory x_refsource_mandrake
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17382

Scores

EPSS 0.2177
EPSS Percentile 97.4%

Details

Status published
Products (1)
apache/http_server 2.0.35 - 2.0.51
Published Oct 20, 2004
Tracked Since Feb 18, 2026