Details of VAR-200407-0075

ID

VAR-200407-0075

CVE

CVE-2004-0488

TITLE

Apache HTTP Server of mod_ssl Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2004-000199

DESCRIPTION

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. mod_ssl Is httpd.conf In SSLOptions Is a directive option FakeBasicAuth If enabled, a buffer overflow vulnerability exists.SSL Is enabled Apache HTTP Server Service disruption at (DoS) It may be in a state. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. A stack-based buffer overflow has been reported in the Apache 'mod_ssl' module. This issue is exposed in utility code for uuencoding binary data. This issue would most likely result in a denial of service if triggered, but could theoretically allow arbitrary code to run. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, but this may not be the case with other architectures. Mod_SSL is the SSL implementation on the Apache server, used to provide encryption support for the Apache web server. A remote attacker can use the ssl_engine_kernel.c module that uses this function to conduct a denial of service attack or execute arbitrary instructions in the WEB process

Trust: 2.25

sources: NVD: CVE-2004-0488 // JVNDB: JVNDB-2004-000199 // BID: 13139 // BID: 10355 // VULHUB: VHN-8918

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	3.0	Trust: 1.3
vendor:	apache	model:	http server	scope:	gte	version:	2.0.35	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	2.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	lt	version:	2.0.50	Trust: 1.0
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.1	Trust: 0.9
vendor:	trustix	model:	secure linux	scope:	eq	version:	1.5	Trust: 0.9
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.0	Trust: 0.9
vendor:	apache	model:	http server	scope:	lte	version:	2.0.49	Trust: 0.8
vendor:	modssl	model:	mod ssl	scope:	lte	version:	2.8.17	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	1.1	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.1	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0	Trust: 0.8
vendor:	sun microsystems	model:	cobalt raq550	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	6.5	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	7	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	8	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.00	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.04	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.11	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.22	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	peoplesoft	model:	oneworld xe/erp8 applications sp22	scope:	-	version:	-	Trust: 0.3
vendor:	peoplesoft	model:	enterpriseone applications	scope:	eq	version:	8.93	Trust: 0.3
vendor:	peoplesoft	model:	enterpriseone applications sp2	scope:	eq	version:	8.9	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	9.2.6	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	9.2.0.5	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	9.0.4	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	9.0.1.5	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	9.0.1.4	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	9.2.6	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	9.2.0.5	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	9.0.4	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	9.0.1.5	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	9.0.1.4	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	9.2.6.0	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	9.2.0.5	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	9.0.4	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	9.0.1.5	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	9.0.1.4	Trust: 0.3
vendor:	oracle	model:	oracle9i application server	scope:	eq	version:	9.0.3.1	Trust: 0.3
vendor:	oracle	model:	oracle9i application server	scope:	eq	version:	9.0.2.3	Trust: 0.3
vendor:	oracle	model:	oracle9i application server	scope:	eq	version:	1.0.2.2	Trust: 0.3
vendor:	oracle	model:	oracle8i standard edition	scope:	eq	version:	8.1.7.4	Trust: 0.3
vendor:	oracle	model:	oracle8i enterprise edition	scope:	eq	version:	8.1.7.4.0	Trust: 0.3
vendor:	oracle	model:	oracle10g standard edition	scope:	eq	version:	10.1.0.4	Trust: 0.3
vendor:	oracle	model:	oracle10g standard edition	scope:	eq	version:	10.1.0.3.1	Trust: 0.3
vendor:	oracle	model:	oracle10g standard edition	scope:	eq	version:	10.1.0.3	Trust: 0.3
vendor:	oracle	model:	oracle10g standard edition	scope:	eq	version:	10.1.0.2	Trust: 0.3
vendor:	oracle	model:	oracle10g personal edition	scope:	eq	version:	10.1.0.4	Trust: 0.3
vendor:	oracle	model:	oracle10g personal edition	scope:	eq	version:	10.1.0.3.1	Trust: 0.3
vendor:	oracle	model:	oracle10g personal edition	scope:	eq	version:	10.1.0.3	Trust: 0.3
vendor:	oracle	model:	oracle10g personal edition	scope:	eq	version:	10.1.0.2	Trust: 0.3
vendor:	oracle	model:	oracle10g enterprise edition	scope:	eq	version:	10.1.0.4	Trust: 0.3
vendor:	oracle	model:	oracle10g enterprise edition	scope:	eq	version:	10.1.0.3.1	Trust: 0.3
vendor:	oracle	model:	oracle10g enterprise edition	scope:	eq	version:	10.1.0.3	Trust: 0.3
vendor:	oracle	model:	oracle10g enterprise edition	scope:	eq	version:	10.1.0.2	Trust: 0.3
vendor:	oracle	model:	oracle10g application server	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	oracle	model:	oracle10g application server	scope:	eq	version:	10.1.0.3.1	Trust: 0.3
vendor:	oracle	model:	oracle10g application server	scope:	eq	version:	9.0.4.1	Trust: 0.3
vendor:	oracle	model:	oracle10g application server	scope:	eq	version:	9.0.4.0	Trust: 0.3
vendor:	oracle	model:	enterprise manager grid control 10g	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	oracle	model:	enterprise manager grid control 10g	scope:	eq	version:	10.1.0.2	Trust: 0.3
vendor:	oracle	model:	enterprise manager	scope:	eq	version:	9.0.4.1	Trust: 0.3
vendor:	oracle	model:	enterprise manager	scope:	eq	version:	9.0.4.0	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.10	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.9	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.8	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.7	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.6	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.5	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	oracle	model:	e-business suite 11i	scope:	eq	version:	11.5	Trust: 0.3
vendor:	oracle	model:	e-business suite	scope:	eq	version:	11.0	Trust: 0.3
vendor:	oracle	model:	collaboration suite release	scope:	eq	version:	29.0.4.2	Trust: 0.3
vendor:	oracle	model:	collaboration suite release	scope:	eq	version:	29.0.4.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.49	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.35	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.23	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	2.1	Trust: 0.3
vendor:	mod ssl	model:	mod ssl	scope:	eq	version:	2.8.12	Trust: 0.3
vendor:	mod ssl	model:	mod ssl	scope:	eq	version:	2.8.9	Trust: 0.3
vendor:	redhat	model:	stronghold	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openbsd	model:	-current	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.22	scope:	-	version:	-	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	3.5	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.1	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.28	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.39	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mod ssl	model:	mod ssl	scope:	eq	version:	2.8.7	Trust: 0.3
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	10.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.32	Trust: 0.3
vendor:	apache	model:	-dev	scope:	eq	version:	1.3.7	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	hp	model:	webproxy a.02.00	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	3.0	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor	scope:	eq	version:	2.1	Trust: 0.3
vendor:	tinysofa	model:	enterprise server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	hp	model:	compaq secure web server for openvms	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.22	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.9	Trust: 0.3
vendor:	hp	model:	virtualvault a.04.70	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	linux	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.43	Trust: 0.3
vendor:	hp	model:	openvms secure web server	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	mandriva	model:	linux mandrake ppc	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.20	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.26	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.25	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.37	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.14	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.11	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.4	Trust: 0.3
vendor:	redhat	model:	network proxy (for rhel	scope:	eq	version:	4)4.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	2.1	Trust: 0.3
vendor:	hp	model:	openvms secure web server	scope:	eq	version:	7.3-1	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	eq	version:	1.4	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.2	Trust: 0.3
vendor:	turbolinux	model:	home	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	linux i686	scope:	eq	version:	7.3	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	3.0	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	hp	model:	openvms secure web server	scope:	eq	version:	7.3-2	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.48	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.45	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.12	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.38	Trust: 0.3
vendor:	mod ssl	model:	mod ssl	scope:	eq	version:	2.8.10	Trust: 0.3
vendor:	hp	model:	openvms secure web server	scope:	eq	version:	7.2-2	Trust: 0.3
vendor:	trustix	model:	secure enterprise linux	scope:	eq	version:	2.0	Trust: 0.3
vendor:	hp	model:	virtualvault a.04.50	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.46	Trust: 0.3
vendor:	hp	model:	compaq secure web server for openvms	scope:	eq	version:	1.3	Trust: 0.3
vendor:	turbolinux	model:	desktop	scope:	eq	version:	10.0	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.44	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.24	Trust: 0.3
vendor:	apache	model:	beta	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	redhat	model:	enterprise linux as ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.40	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	3.4	Trust: 0.3
vendor:	mod ssl	model:	mod ssl	scope:	eq	version:	2.8.16	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.23	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3	Trust: 0.3
vendor:	hp	model:	webproxy a.02.10	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	compaq secure web server for openvms	scope:	eq	version:	2.0	Trust: 0.3
vendor:	hp	model:	virtualvault a.04.60	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.11	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.19	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.18	Trust: 0.3
vendor:	hp	model:	compaq secure web server for openvms php	scope:	eq	version:	2.0	Trust: 0.3
vendor:	tinysofa	model:	enterprise server -u1	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apache	model:	a9	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.27	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.00	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	3.0	Trust: 0.3
vendor:	redhat	model:	network proxy (for rhel	scope:	eq	version:	3)4.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.42	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	2.0.50	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.3	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.36	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.41	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.29	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.6	Trust: 0.3
vendor:	debian	model:	linux ppc	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.17	Trust: 0.3
vendor:	redhat	model:	enterprise linux es ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	10.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.31	Trust: 0.3
vendor:	mod ssl	model:	mod ssl	scope:	eq	version:	2.8.15	Trust: 0.3
vendor:	sgi	model:	propack	scope:	eq	version:	2.4	Trust: 0.3

sources: BID: 13139 // BID: 10355 // JVNDB: JVNDB-2004-000199 // CNNVD: CNNVD-200407-016 // NVD: CVE-2004-0488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0488
value:	HIGH
Trust: 1.0
NVD:	CVE-2004-0488
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200407-016
value:	HIGH
Trust: 0.6
VULHUB:	VHN-8918
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0488
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8918
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8918 // JVNDB: JVNDB-2004-000199 // CNNVD: CNNVD-200407-016 // NVD: CVE-2004-0488

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2004-0488

THREAT TYPE

network

Trust: 0.6

sources: BID: 13139 // BID: 10355

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200407-016

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000199

PATCH

title:	2.0 CHANGES	url:	http://www.apache.org/dist/httpd/CHANGES_2.0	Trust: 0.8
title:	HPSBUX01068	url:	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01068	Trust: 0.8
title:	HPSBUX01064	url:	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01064	Trust: 0.8
title:	HPSBUX01068	url:	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01068.html	Trust: 0.8
title:	HPSBUX01064	url:	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01064.html	Trust: 0.8
title:	mod_ssl	url:	http://www.miraclelinux.com/support/update/data/mod_ssl.html	Trust: 0.8
title:	httpd	url:	http://www.miraclelinux.com/support/update/data/httpd.html	Trust: 0.8
title:	Top Page	url:	http://www.modssl.org/	Trust: 0.8
title:	RHSA-2004:245	url:	https://rhn.redhat.com/errata/RHSA-2004-245.html	Trust: 0.8
title:	RHSA-2004:342	url:	https://rhn.redhat.com/errata/RHSA-2004-342.html	Trust: 0.8
title:	550 Apache and Openssl Security Update 0.0.1	url:	http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng	Trust: 0.8
title:	TLSA-2006-32	url:	http://www.turbolinux.com/security/2006/TLSA-2006-32.txt	Trust: 0.8
title:	RHSA-2004:245	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-245J.html	Trust: 0.8
title:	RHSA-2004:342	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-342J.html	Trust: 0.8
title:	TLSA-2006-32	url:	http://www.turbolinux.co.jp/security/2006/TLSA-2006-32j.txt	Trust: 0.8

sources: JVNDB: JVNDB-2004-000199

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0488	Trust: 3.1
db:	BID	id:	10355	Trust: 2.8
db:	JVNDB	id:	JVNDB-2004-000199	Trust: 0.8
db:	CNNVD	id:	CNNVD-200407-016	Trust: 0.7
db:	BID	id:	13139	Trust: 0.3
db:	SEEBUG	id:	SSVID-87504	Trust: 0.1
db:	VULHUB	id:	VHN-8918	Trust: 0.1

sources: VULHUB: VHN-8918 // BID: 13139 // BID: 10355 // JVNDB: JVNDB-2004-000199 // CNNVD: CNNVD-200407-016 // NVD: CVE-2004-0488

REFERENCES

url:	http://www.securityfocus.com/bid/10355	Trust: 2.5
url:	http://rhn.redhat.com/errata/rhsa-2004-245.html	Trust: 2.0
url:	http://www.debian.org/security/2004/dsa-532	Trust: 1.7
url:	https://bugzilla.fedora.us/show_bug.cgi?id=1888	Trust: 1.7
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/021610.html	Trust: 1.7
url:	http://security.gentoo.org/glsa/glsa-200406-05.xml	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdksa-2004:054	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdksa-2004:055	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11458	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2004-342.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2004-405.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2005-816.html	Trust: 1.7
url:	http://www.trustix.net/errata/2004/0031/	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16214	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=109215056218824&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=108619129727620&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=109181600614477&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=108567431823750&w=2	Trust: 1.6
url:	ftp://patches.sgi.com/support/free/security/advisories/20040605-01-u.asc	Trust: 1.1
url:	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0488	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0488	Trust: 0.8
url:	httpd.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3ccvs.	Trust: 0.6
url:	http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf	Trust: 0.3
url:	http://www.oracle.com/index.html	Trust: 0.3
url:	http://www.peoplesoft.com:80/corp/en/support/security_index.jsp	Trust: 0.3
url:	/archive/1/395699	Trust: 0.3
url:	http://httpd.apache.org/	Trust: 0.3
url:	http://www.modssl.org	Trust: 0.3
url:	http://www.openbsd.org/errata.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2004-342.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2004-405.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2005-816.html	Trust: 0.3
url:	http://www4.itrc.hp.com/service/cki/docdisplay.do?admit=-938907319+1097930936036+28353475&docid=hpsbov01083	Trust: 0.3
url:	http://www.tinysofa.org/support/errata/2004/008.html	Trust: 0.3
url:	http://support.avaya.com/japple/css/japple?temp.groupid=128450&temp.selectedfamily=128451&temp.selectedproduct=154235&temp.selectedbucket=126655&temp.feedbackstate=askforfeedback&temp.documentid=19466	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2008-0523.html	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108567431823750&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=108619129727620&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=109181600614477&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=109215056218824&w=2	Trust: 0.1
url:	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3ccvs.httpd.apache.org%3e	Trust: 0.1

sources: VULHUB: VHN-8918 // BID: 13139 // BID: 10355 // JVNDB: JVNDB-2004-000199 // CNNVD: CNNVD-200407-016 // NVD: CVE-2004-0488

CREDITS

Georgi Guninski※ guninski@guninski.com

Trust: 0.6

sources: CNNVD: CNNVD-200407-016

SOURCES

db:	VULHUB	id:	VHN-8918
db:	BID	id:	13139
db:	BID	id:	10355
db:	JVNDB	id:	JVNDB-2004-000199
db:	CNNVD	id:	CNNVD-200407-016
db:	NVD	id:	CVE-2004-0488

LAST UPDATE DATE

2024-08-14T13:01:07.751000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8918	date:	2017-10-11T00:00:00
db:	BID	id:	13139	date:	2006-05-05T23:30:00
db:	BID	id:	10355	date:	2008-07-01T00:40:00
db:	JVNDB	id:	JVNDB-2004-000199	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200407-016	date:	2022-09-26T00:00:00
db:	NVD	id:	CVE-2004-0488	date:	2023-11-07T01:56:42.070

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8918	date:	2004-07-07T00:00:00
db:	BID	id:	13139	date:	2005-04-12T00:00:00
db:	BID	id:	10355	date:	2004-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2004-000199	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200407-016	date:	2003-07-18T00:00:00
db:	NVD	id:	CVE-2004-0488	date:	2004-07-07T04:00:00