SecurityTracker Alert ID: 1011213 SecurityTracker URL: http://securitytracker.com/id?1011213 CVE Reference: CAN-2004-0751 (Links to External Site) OSVDB Reference: 9742 (Links to External Site) Date: Sep 10 2004 Impact: Denial of service via network Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes Version(s): 2.0.50 Description: A vulnerability was reported in Apache mod_ssl when used as a reverse proxy. A remote user can cause denial of service conditions in a certain configuration. M. "Alex" Hankins reported that a remote user can trigger a buffer overflow in char_buffer_read() when using a RewriteRule to reverse proxy SSL connections. A remote server can cause Apache to crash. Impact: A remote server can cause Apache to crash. Solution: A fix is available via CVS at: http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.125&r2=1.126 Vendor URL: issues.apache.org/bugzilla/show_bug.cgi?id=30134 (Links to External Site) Cause: Boundary error Underlying OS: Linux (Any), UNIX (Any) Underlying OS Comments: Tested on Solaris Message History: None.
Created attachment 39362 [details, diff] The patch to fix the vulnerability
*** This bug has been marked as a duplicate of 62626 ***