Bug 152744 - CAN-2004-0493 - denial of service in ap_get_mime_headers_core function in Apache
Status: CLOSED CURRENTRELEASE
Product: Fedora Legacy
Classification: Retired
Component: Package request
unspecified
All Linux
medium Severity medium
Assigned To: Fedora Legacy Bugs
http://cve.mitre.org/cgi-bin/cvename....
LEGACY, rh90
Reported: 2004-07-01 05:11 EDT by Marc Deslauriers
Modified: 2008-05-01 11:38 EDT

Doc Type: Bug Fix


Description David Lawrence 2005-03-30 18:25:56 EST
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote
attackers to cause a denial of service (memory exhaustion), and possibly an
integer signedness error leading to a heap-based buffer overflow on 64 bit
systems, via long header lines with large numbers of space or tab characters.

More info:

http://lists.netsys.com/pipermail/full-disclosure/2004-June/023133.html
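
An added example, not part of the original report and not Apache's code: one way to bound the memory a header parser spends on a single field, assuming the whitespace-led lines in the description are continuation lines merged into the preceding field. The names `fold_t`, `field_append` and `read_fields`, the limits and the sample input are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical names for illustration; this is not Apache's code. */
typedef enum { FOLD_OK, FOLD_TOO_LARGE, FOLD_NOMEM } fold_t;
struct field { char *buf; size_t len; };    /* len excludes the NUL */

/* Append n bytes, refusing before any allocation if the merged field would
 * exceed limit (assumed < SIZE_MAX). size_t plus subtraction: no sign, no wrap. */
fold_t field_append(struct field *f, const char *s, size_t n, size_t limit)
{
    if (f->len > limit || n > limit - f->len)
        return FOLD_TOO_LARGE;
    char *p = realloc(f->buf, f->len + n + 1);
    if (p == NULL)
        return FOLD_NOMEM;
    memcpy(p + f->len, s, n);
    f->len += n;
    p[f->len] = '\0';
    f->buf = p;
    return FOLD_OK;
}

/* Merge header lines: a line starting with SP or HT continues the previous
 * field. Stops at the first error; *nfields counts completed fields. */
fold_t read_fields(const char *const *lines, size_t nlines, size_t limit, size_t *nfields)
{
    struct field f = { NULL, 0 };
    fold_t st = FOLD_OK;
    *nfields = 0;
    for (size_t i = 0; i < nlines && st == FOLD_OK; i++) {
        if (lines[i][0] != ' ' && lines[i][0] != '\t') {
            *nfields += (f.len > 0);    /* previous field is complete */
            f.len = 0;                  /* new field, buffer reused */
        }
        st = field_append(&f, lines[i], strlen(lines[i]), limit);
    }
    *nfields += (st == FOLD_OK && f.len > 0);
    free(f.buf);
    return st;
}

int main(void)
{   /* Constructed input: one field padded by whitespace-only continuations. */
    const char *pad[] = { "X-Pad: a", " \t \t \t \t", " \t \t \t \t", " \t \t \t \t" };
    size_t n;
    return read_fields(pad, 4, 64, &n) == FOLD_OK
        && read_fields(pad, 4, 16, &n) == FOLD_TOO_LARGE ? 0 : 1;
}
```

A production parser would also reject a continuation line that arrives before any field and cap the number of fields per request.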



------- Additional Comments From marcdeslauriers@videotron.ca 2004-07-02 12:32:06 ----

New apache packages were made for RH9 and can be found in bug #1708

Please QA.




------- Additional Comments From fedora-legacy-bugzilla-2004@fumika.jp 2004-08-12 21:14:33 ----

Created an attachment (id=813)
CAN-2004-0493.patch-1of2

This patch (1 of 2) is a patch for the ap_get_mime_headers_core function changed in
2.0.46.
This is made from
http://www.apache.jp/viewcvs.cgi/httpd-2.0/server/protocol.c.diff?r1=1.127&r2=1.128&diff_format=u




------- Additional Comments From fedora-legacy-bugzilla-2004@fumika.jp 2004-08-12 21:18:40 ----

Created an attachment (id=814)
CAN-2004-0493.patch-2of2

This patch (2 of 2) is extracted from httpd-2.0.46-32.ent.3.src.rpm.




------- Additional Comments From ckelley@ibnads.com 2004-09-14 11:22:34 ----

For redhat 7.3 the packages above have been superseded by those in bug 1888.

This should be closed.




------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-02 14:52:11 ----

Bug 2068 pushed to updates-testing



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:25 -------

This bug previously known as bug 1805 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1805
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
CAN-2004-0493.patch-1of2
https://bugzilla.fedora.us/attachment.cgi?action=view&id=813
CAN-2004-0493.patch-2of2
https://bugzilla.fedora.us/attachment.cgi?action=view&id=814

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

