危険度: 緊急
  CVE識別番号: CVE-2004-0492
  情報公開日: 7 21, 2015

  概要

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1004740
  Trend Micro Deep Security DPI Rule Name: 1004740 - Apache HTTP Server Mod_Proxy Remote Negative Content-Length Buffer Overflow

  影響を受けるソフトウェア

  • Apache Software Foundation Apache 1.3.26
  • Apache Software Foundation Apache 1.3.27
  • Apache Software Foundation Apache 1.3.28
  • Apache Software Foundation Apache 1.3.29
  • Apache Software Foundation Apache 1.3.31
  • HP HP-UX (VVOS) 11.0 4
  • HP VirtualVault 11.0.4
  • HP Webproxy 2.0
  • HP Webproxy 2.1
  • IBM HTTP Server 1.3.26
  • IBM HTTP Server 1.3.26 .1
  • IBM HTTP Server 1.3.26 .2
  • IBM HTTP Server 1.3.28
  • IBM IBM HTTP Server 1.3.26
  • IBM IBM HTTP Server 1.3.26 .1
  • IBM IBM HTTP Server 1.3.26 .2
  • IBM IBM HTTP Server 1.3.28
  • OpenBSD OpenBSD
  • OpenBSD OpenBSD 3.4
  • OpenBSD OpenBSD 3.5
  • SGI ProPack 2.4