Unrated severityNVD Advisory· Published Aug 6, 2004· Updated Apr 16, 2026

CVE-2004-0493

Description

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

Affected products

Apache/Http Server3 versions
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
IBM/Http Server5 versions
cpe:2.3:a:ibm:http_server:2.0.42:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:ibm:http_server:2.0.42:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:http_server:2.0.42.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:http_server:2.0.42.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:http_server:2.0.47:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:http_server:2.0.47.1:*:*:*:*:*:*:*
Avaya/Converged Communications Server
cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*
Avaya/S8300
cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*
Avaya/S8500
cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*
Avaya/S8700
cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*
Gentoo/Linux
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
Trustix/Secure Linux3 versions
cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.072
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000