Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
CVSS v2.0 Score
5.0
/ 10.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Information
- Published
- 29 mars 2004
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- cve@mitre.org
Affected products
apache http serverAll Apache HTTP Server CVEs →
Versions : 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39
Weaknesses (CWE)
NVD-CWE-Other
References (58)
- http://www.apacheweek.com/features/security-20Vendor Advisory
- http://www.securityfocus.com/bid/9826PatchVendor Advisory
- + 43 more references on NVD
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.