CVE-2004-0751
Description
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A segmentation fault in mod_ssl's char_buffer_read function when reverse proxying to an SSL server causes a denial of service in Apache 2.x.
Vulnerability
A segmentation fault occurs in the char_buffer_read function within the mod_ssl module of Apache HTTP Server 2.x. This vulnerability is triggered when Apache is configured for reverse proxying to an SSL server. The issue affects Apache 2.x versions prior to 2.0.51 [1][2].
Exploitation
An attacker does not require authentication or local access. By sending a specially crafted request to a server that is acting as a reverse proxy to an SSL backend, the attacker can cause the char_buffer_read function to dereference a null or invalid pointer, leading to a segmentation fault. No user interaction is needed beyond the network request [2][3].
Impact
Successful exploitation results in a denial of service (DoS) by crashing the Apache child process handling the request. This can lead to service disruption for legitimate users. The vulnerability does not allow code execution or privilege escalation [1][2].
Mitigation
The fix is included in Apache HTTP Server 2.0.51 and later [2]. Users are advised to upgrade to at least version 2.0.51. No known workaround exists for unpatched versions [2]. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: 2.x
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- issues.apache.org/bugzilla/show_bug.cginvdIssue TrackingPatchVendor Advisory
- www.gentoo.org/security/en/glsa/glsa-200409-21.xmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2004-463.htmlnvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/17273nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11864nvdThird Party Advisory
- archives.neohapsis.com/archives/bugtraq/2004-09/0096.htmlnvdBroken Link
- www.mandrakesecure.net/en/advisories/advisory.phpnvdBroken Link
- www.novell.com/linux/security/advisories/2004_30_apache2.htmlnvdBroken Link
- www.trustix.org/errata/2004/0047/nvdBroken Link
- lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Envd
News mentions
0No linked articles in our index yet.