FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache 2 mod_ssl denial-of-service

Affected packages
2.0 <= apache <= 2.0.48_3

Details

VuXML ID 492f8896-70fa-11d8-873f-0020ed76ef5a
Discovery 2004-02-20
Entry 2004-03-08
Modified 2004-05-19

Joe Orton reports a memory leak in Apache 2's mod_ssl. A remote attacker may issue HTTP requests on an HTTPS port, causing an error. Due to a bug in processing this condition, memory associated with the connection is not freed. Repeated requests can result in consuming all available memory resources, probably resulting in termination of the Apache process.

References

Bugtraq ID 9826
CVE Name CVE-2004-0113
Message http://marc.theaimsgroup.com/?l=apache-cvs&m=107869699329638
URL http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.100.2.11&r2=1.100.2.12
URL http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27106
URL http://www.apacheweek.com/features/security-20

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.