CVE-2004-0751

unknown

Published — · Modified —

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

1.0

Description

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

Predictions

Exploit likelihood

55%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-24590 dos linux verified text · 1 KB

M. _Alex_ Hankins · 2004-09-10

Apache mod_ssl 2.0.x - Remote Denial of Service

text exploit Source: Exploit-DB

source: https://www.securityfocus.com/bid/11154/info

Apache 2.x mod_ssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions. The vulnerability originates in the 'char_buffer_read' function of the 'ssl_engine_io.c' file. 

It is likely that this issue only results in a denial of service condition in child process. This BID will be updated as more information becomes available.

Apache 2.0.50 is reported to be affected by this issue, however, it is possible that other versions are vulnerable as well.

With the following configuration in httpd.conf:
Listen 47290
SSLProxyEngine on
RewriteEngine on
RewriteRule /(.*) https://www.example.com/$1 [P]

The server may be crashed by issuing the following URI:
http://www.example.com:47290/eRoomASP/CookieTest.asp?facility=facility&URL=%2FeRoom%2FFacility%2FRoom%2F0_4242

OS impact

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`2.0.50-11`
sid	Fixed	`2.0.50-11`
forky	Fixed	`2.0.50-11`
bullseye	Fixed	`2.0.50-11`
bookworm	Fixed	`2.0.50-11`

References

https://security-tracker.debian.org/tracker/CVE-2004-0751

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.