5
CVSSv2

CVE-2005-2728

Published: 30/08/2005 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The byte-range filter in Apache 2.0 prior to 2.0.54 allows remote malicious users to cause a denial of service (memory consumption) via an HTTP header with a large Range field.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 2.0.42

apache http server 2.0.47

apache http server 2.0.50

apache http server 2.0.35

apache http server 2.0.37

apache http server 2.0.44

apache http server 2.0.39

apache http server 2.0.52

apache http server 2.0.53

apache http server 2.0.51

apache http server 2.0.28

apache http server 2.0.41

apache http server 2.0.49

apache http server 2.0.9

apache http server 2.0.32

apache http server 2.0.38

apache http server 2.0.48

apache http server 2.0.45

apache http server 2.0.40

apache http server 2.0.36

apache http server 2.0.46

apache http server 2.0.43

apache http server 2.0

Vendor Advisories

Synopsis httpd security update Type/Severity Security Advisory: Important Topic Updated Apache httpd packages that correct two security issues are nowavailable for Red Hat Enterprise Linux 3 and 4This update has been rated as having important security impact by the RedHat Security Response Team D ...
Apache did not honour the “SSLVerifyClient require” directive within a <Location> block if the surrounding <VirtualHost> block contained a directive “SSLVerifyClient optional” This allowed clients to bypass client certificate validation on servers with the above configuration (CAN-2005-2700) ...
Several problems have been discovered in Apache2, the next generation, scalable, extendable web server The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-1268 Marc Stern discovered an off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback When Apache is config ...

References

NVD-CWE-Otherhttp://issues.apache.org/bugzilla/show_bug.cgi?id=29962http://www.gentoo.org/security/en/glsa/glsa-200508-15.xmlhttp://www.securityfocus.com/bid/14660http://secunia.com/advisories/16559/http://www.debian.org/security/2005/dsa-805http://www.mandriva.com/security/advisories?name=MDKSA-2005:161http://www.redhat.com/support/errata/RHSA-2005-608.htmlhttp://www.novell.com/linux/security/advisories/2005_51_apache2.htmlhttp://www.ubuntu.com/usn/usn-177-1http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.htmlhttp://secunia.com/advisories/16705http://secunia.com/advisories/16714http://secunia.com/advisories/16743http://secunia.com/advisories/16746http://secunia.com/advisories/16753http://secunia.com/advisories/16754http://secunia.com/advisories/16769http://secunia.com/advisories/16789http://secunia.com/advisories/16956http://secunia.com/advisories/17036http://secunia.com/advisories/17288http://secunia.com/advisories/17600http://secunia.com/advisories/17831http://secunia.com/advisories/17923http://secunia.com/advisories/18161http://secunia.com/advisories/18333ftp://patches.sgi.com/support/free/security/advisories/20060101-01-Uhttp://secunia.com/advisories/18517http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1http://secunia.com/advisories/19072http://support.avaya.com/elmodocs2/security/ASA-2006-081.htmhttp://www.novell.com/linux/security/advisories/2005_52_apache2.htmlhttp://securityreason.com/securityalert/604http://www.vupen.com/english/advisories/2006/0789https://exchange.xforce.ibmcloud.com/vulnerabilities/22006https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A760https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1727https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1246https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10017http://www.securityfocus.com/archive/1/428138/100/0/threadedhttps://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2005:608https://nvd.nist.govhttps://usn.ubuntu.com/177-1/