Vulnerability Details : CVE-2004-2680
mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle the case where output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
Products affected by CVE-2004-2680
- cpe:2.3:a:apache:mod_python:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2680
- 0.31%: Probability of exploitation activity in the next 30 days
- ~69%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2680
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2004-2680
- Red Hat, 2009-05-21: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2004-2680 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
References for CVE-2004-2680
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14751
  Apache Mod_python output filter information disclosure CVE-2004-2680 Vulnerability Report
- http://www.ubuntu.com/usn/usn-430-1
  USN-430-1: mod_python vulnerability | Ubuntu security notices | Ubuntu
- http://www.vupen.com/english/advisories/2007/0846
  Site under construction
- http://www.securityfocus.com/bid/22849
- http://www.securityfocus.com/archive/1/462185/100/0/threaded
- https://launchpad.net/bugs/89308
  Bug #89308 “buffer leak in outputfilter” : Bugs : libapache2-mod-python package : Ubuntu (Patch)
- http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772@pixar.com%3e
- http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561
  [Apache-SVN] Diff of /httpd/mod_python/trunk/src/filterobject.c
- http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772@pixar.com%3e
- http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772@pixar.com%3e
- https://issues.rpath.com/browse/RPL-1105