CVE-2004-0174
moderate-risk
Published 2004-05-04
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
Do I need to act?
!
19.9% chance of exploitation in next 30 days
EPSS score — higher than 80% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (70)
Mailing List
http://marc.info/?l=bugtraq&m=107973894328806&w=2
Mailing List
http://marc.info/?l=bugtraq&m=108066914830552&w=2
Mailing List
http://marc.info/?l=bugtraq&m=108369640424244&w=2
Mailing List
http://marc.info/?l=bugtraq&m=108437852004207&w=2
Mailing List
http://marc.info/?l=bugtraq&m=108731648532365&w=2
Broken Link
http://secunia.com/advisories/11170
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200405-22.xml
Broken Link
http://www.apache.org/dist/httpd/CHANGES_1.3
Third Party Advisory
http://www.kb.cert.org/vuls/id/132110
Broken Link
http://www.securityfocus.com/bid/9921
Broken Link
http://www.trustix.org/errata/2004/0027
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15540
and 50 more references
45
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
14/34 · Moderate
Exposure
5/34 · Minimal