Rapid7 Vulnerability & Exploit Database

Apache HTTPD: IPv6 URI parsing heap overflow (CVE-2004-0786)

Back to Search

Apache HTTPD: IPv6 URI parsing heap overflow (CVE-2004-0786)

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

10/20/2004

Created

07/25/2018

Added

04/12/2012

Modified

02/13/2015

Description

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. One some BSD systems it is believed this flaw may be able to lead to remote code execution.

Solution(s)

apache-httpd-upgrade-2_0_51

References

https://attackerkb.com/topics/cve-2004-0786
CVE - 2004-0786
MDKSA-2004:096
OVAL11380
RHSA-2004:463
SUSE-SA:2004:032
http://httpd.apache.org/security/vulnerabilities_20.html
17382

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Apache HTTPD: IPv6 URI parsing heap overflow (CVE-2004-0786)