Vulnerability Description
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 2.0 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- http://issues.apache.org/bugzilla/show_bug.cgi?id=29962PatchVendor Advisory
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://secunia.com/advisories/16559/Vendor Advisory
- http://secunia.com/advisories/16705
- http://secunia.com/advisories/16714
- http://secunia.com/advisories/16743
- http://secunia.com/advisories/16746
- http://secunia.com/advisories/16753
- http://secunia.com/advisories/16754
- http://secunia.com/advisories/16769
- http://secunia.com/advisories/16789
- http://secunia.com/advisories/16956
- http://secunia.com/advisories/17036
- http://secunia.com/advisories/17288
FAQ
What is CVE-2005-2728?
CVE-2005-2728 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
How severe is CVE-2005-2728?
CVE-2005-2728 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2728?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.