Rapid7 Vulnerability & Exploit Database

Apache HTTPD: IPv6 URI parsing heap overflow (CVE-2004-0786)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 10/20/2004
Created: 07/25/2018
Added: 04/12/2012
Modified: 02/13/2015

Description

Testing with the Codenomicon HTTP Test Tool, performed by the Apache Software Foundation security group and Red Hat, uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. On some BSD systems it is believed this flaw may be able to lead to remote code execution.

Solution(s)

  • apache-httpd-upgrade-2_0_51

