HTTP 1.1 Header Overflow Network Vulnerability

Summary

It was possible to kill the web server by sending an invalid request with a too long HTTP 1.1 header (Accept-Encoding, Accept-Language, Accept-Range, Connection, Expect, If-Match, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, TE, Host) A cracker may exploit this vulnerability to make your web server crash continually or even execute arbirtray code on your system.

Solution

upgrade your software or protect it with a filtering reverse proxy

Severity

Classification

CVE CVE-2003-0180

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Format string on HTTP header value
scp File Create/Overwrite
Cyrus IMAP pre-login buffer overrun
rsync path sanitation vulnerability
cyrus-imsp abook_dbname buffer overflow

HTTP 1.1 header overflow

Take action and discover your vulnerabilities