PT-2003-2510 · Apache · Apache+1

Published 2003-06-10 · Updated 2021-06-06 · CVE-2004-0492

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache versions 1.3.25 through 1.3.31

Description

A heap-based buffer overflow exists in the mod_proxy module of Apache and can be triggered by a negative Content-Length HTTP header field. This allows remote attackers to cause a denial of service, potentially leading to process crashes. On some BSD platforms, this issue may also lead to remote arbitrary code execution. To exploit this issue, an attacker would need to get an Apache installation configured as a proxy to connect to a malicious site.
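
The bug class described above, shown as an added example (not Apache source code and not part of the original advisory): a signed length that is only bounded from above lets a negative Content-Length become an enormous unsigned copy size, while a strict parser rejects it. The names `naive_copy_size`, `parse_content_length`, `chunk_to_copy` and the value of `BODY_BUF_SIZE` are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define BODY_BUF_SIZE 8192 /* hypothetical size of the proxy's body buffer */

/* Flawed pattern: the length is signed and only capped from above, so
 * "-1" passes the check and converts to SIZE_MAX as a copy size. */
size_t naive_copy_size(const char *value)
{
    long n = atol(value);
    if (n > BODY_BUF_SIZE)
        n = BODY_BUF_SIZE;
    return (size_t)n; /* what a memcpy() call would receive */
}

/* Strict parse: accept only a plain non-negative decimal that fits in
 * size_t. Returns 0 on success, -1 on any malformed value. */
int parse_content_length(const char *value, size_t *out)
{
    const char *p = value;
    char *end;
    unsigned long long n;

    while (*p == ' ' || *p == '\t')
        p++;
    /* strtoull() accepts a leading '-' and wraps the result, so insist
     * on a digit first; this rejects '-', '+' and empty values. */
    if (!isdigit((unsigned char)*p))
        return -1;
    errno = 0;
    n = strtoull(p, &end, 10);
    if (errno == ERANGE || n > SIZE_MAX)
        return -1;
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0')
        return -1; /* trailing garbage such as "12abc" */
    *out = (size_t)n;
    return 0;
}

/* Bytes to copy in one step, bounded by the buffer; -1 if malformed. */
long chunk_to_copy(const char *content_length)
{
    size_t len;
    if (parse_content_length(content_length, &len) != 0)
        return -1;
    return (long)(len < BODY_BUF_SIZE ? len : BODY_BUF_SIZE);
}
```
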

Recommendations

For Apache versions 1.3.25 through 1.3.31, consider disabling the mod_proxy module until a patch is available to prevent potential exploitation. Restrict access to the proxy functionality to minimize the risk of denial of service or arbitrary code execution.

Fix


Related Identifiers

CVE-2004-0492
DSA-525

Affected Products

Apache
Apache HTTP Server