PT-2004-1610 · Gentoo+4 · Gentoo Linux+7

Published 2004-06-30 · Updated 2021-06-06 · CVE-2004-0493

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache httpd version 2.0.49
IBM HTTP Server (affected versions not specified)
Avaya Converged Communications Server (affected versions not specified)
Avaya S8300 (affected versions not specified)
Avaya S8500 (affected versions not specified)
Avaya S8700 (affected versions not specified)
Gentoo Linux (affected versions not specified)
Trustix Secure Linux (affected versions not specified)

Description

The issue allows remote attackers to cause a denial of service through memory exhaustion and, possibly, to trigger an integer signedness error leading to a heap-based buffer overflow on 64-bit systems. It is triggered by long HTTP header lines containing large numbers of space or tab characters. A memory leak in the parsing of HTTP headers can also be triggered remotely, causing a denial of service through excessive memory consumption.

Recommendations

For Apache httpd version 2.0.49, consider updating to a newer version to mitigate the risk. For IBM HTTP Server, Avaya Converged Communications Server, Avaya S8300, Avaya S8500, Avaya S8700, Gentoo Linux, and Trustix Secure Linux, there is currently no information about a newer version that contains a fix for this vulnerability.

Related identifiers

CVE-2004-0493
RHSA-2004:342

Affected products

Apache HTTP Server
Avaya Converged Communications Server
Avaya S8300
Avaya S8500
Avaya S8700
Gentoo Linux
IBM HTTP Server
Trustix Secure Linux