
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2004:342

The remote host is missing updates announced in
advisory RHSA-2004:342.

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

A stack buffer overflow was discovered in mod_ssl that could be triggered
if using the FakeBasicAuth option. If mod_ssl was sent a client certificate
with a subject DN field longer than 6000 characters, a stack overflow
occurred if FakeBasicAuth had been enabled. In order to exploit this issue
the carefully crafted malicious certificate would have had to be signed by
a Certificate Authority which mod_ssl is configured to trust. The Common
Vulnerabilities and Exposures project has assigned the name
CVE-2004-0488 to this issue.
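
Because the overflow is only reachable when FakeBasicAuth is enabled, a quick audit of where a configuration turns that option on helps prioritise hosts for the update. The following is an added example, not part of the advisory or of Red Hat's tooling: it assumes the option is set through mod_ssl's SSLOptions directive, works on a constructed sample configuration, and does not follow Include files or resolve option merging between sections.

```python
# Constructed sample config (not from the advisory).
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLVerifyClient require
    SSLOptions +StdEnvVars \\
               +FakeBasicAuth
</VirtualHost>
<Directory /var/www/public>
    SSLOptions -FakeBasicAuth +StrictRequire
</Directory>
# SSLOptions +FakeBasicAuth
<Location /legacy>
    sslOptions FakeBasicAuth ExportCertData
</Location>
"""

def logical_lines(text):
    """Yield (first_line_no, line), joining trailing-backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()

def find_fakebasicauth(text):
    """Return (line_no, enclosing_section, directive) for each SSLOptions
    directive that switches FakeBasicAuth on ("+Opt" or bare "Opt")."""
    hits, stack = [], []
    for n, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif line.startswith("<"):
            stack.append(line.strip("<>"))
        else:
            words = line.split()
            enabled = [w for w in words[1:] if not w.startswith("-")
                       and w.lstrip("+").lower() == "fakebasicauth"]
            if words[0].lower() == "ssloptions" and enabled:
                hits.append((n, stack[-1] if stack else "(server config)", " ".join(words)))
    return hits
```

A hit only shows that the vulnerable code path is reachable on that host; the fix remains installing the updated packages.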

A remotely triggered memory leak in the Apache HTTP Server earlier than
version 2.0.50 was also discovered. This allowed a remote attacker to
perform a denial of service attack against the server by forcing it to
consume large amounts of memory. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2004-0493 to this issue.

Users of the Apache HTTP server should upgrade to these updated packages,
which contain backported patches that address these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0488
BugTraq ID: 10355
Bugtraq: 20040527 [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)
Bugtraq: 20040601 TSSA-2004-008 - apache
Debian Security Information: DSA-532
HPdes Security Advisory: SSRT4777
HPdes Security Advisory: SSRT4788
RedHat Security Advisories: RHSA-2004:245
SGI Security Advisory: 20040605-01-U
XForce ISS Database: apache-modssl-uuencode-bo(16214)
Common Vulnerability Exposure (CVE) ID: CVE-2004-0493
BugTraq ID: 10619
Bugtraq: 20040629 TSSA-2004-012 - apache
XForce ISS Database: apache-apgetmimeheaderscore-dos(16524)
Copyright: Copyright (c) 2005 E-Soft Inc.

© 1998-2021 E-Soft Inc. All rights reserved.