Vulnerability Description
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | >= 2.0.36, < 2.0.55 |
| Canonical | Ubuntu Linux | 4.10 |
| Redhat | Enterprise Linux Desktop | 3.0 |
| Redhat | Enterprise Linux Server | 3.0 |
| Redhat | Enterprise Linux Workstation | 3.0 |
| Fedoraproject | Fedora Core | 4 |
Related Weaknesses (CWE)
References
- http://mail-archives.apache.org/mod_mbox/httpd-cvs/200509.mbox/%3C20051001110218
- http://rhn.redhat.com/errata/RHSA-2006-0159.html (Third Party Advisory)
- http://secunia.com/advisories/16559 (Not Applicable)
- http://secunia.com/advisories/17923 (Not Applicable)
- http://secunia.com/advisories/18161 (Not Applicable)
- http://secunia.com/advisories/18333 (Not Applicable)
- http://secunia.com/advisories/18585 (Not Applicable)
- http://securitytracker.com/id?1015093 (Broken Link, Third Party Advisory, VDB Entry)
- http://svn.apache.org/viewcvs?rev=292949&view=rev (Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:233 (Broken Link)
- http://www.novell.com/linux/security/advisories/2005_28_sr.html (Broken Link)
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/archive/1/425399/100/0/threaded (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/15762 (Third Party Advisory, VDB Entry)
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e0593
FAQ
What is CVE-2005-2970?
CVE-2005-2970 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the m...
How severe is CVE-2005-2970?
CVE-2005-2970 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-2970?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.