CVE-2004-2680 - Vulnerability Details - OpenCVE

mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.1009.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Mod Python

Configuration 1 [-]

cpe:2.3:a:apache:mod_python:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Ubuntu USN	USN-430-1	mod_python vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772%40pixar.com%3e
http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772%40pixar.com%3e
http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772%40pixar.com%3e
http://secunia.com/advisories/24418
http://secunia.com/advisories/24424
http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561
http://www.securityfocus.com/archive/1/462185/100/0/threaded
http://www.securityfocus.com/bid/22849
http://www.ubuntu.com/usn/usn-430-1
http://www.vupen.com/english/advisories/2007/0846
https://exchange.xforce.ibmcloud.com/vulnerabilities/14751
https://issues.rpath.com/browse/RPL-1105
https://launchpad.net/bugs/89308
https://nvd.nist.gov/vuln/detail/CVE-2004-2680
https://www.cve.org/CVERecord?id=CVE-2004-2680

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2007-03-04T23:00:00

Updated: 2024-08-08T01:36:25.328Z

Reserved: 2007-03-04T00:00:00

Link: CVE-2004-2680

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2004-12-31T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-2680

Redhat

Severity : Low

Publid Date: 2004-04-16T00:00:00Z

Links: CVE-2004-2680 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "24424", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24424"}, {"name": "USN-430-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-430-1"}, {"name": "[httpd-python-dev] 20040416 patch for filterobject.c", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772%40pixar.com%3e"}, {"name": "20070307 rPSA-2007-0051-1 mod_python", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/462185/100/0/threaded"}, {"name": "[httpd-python-dev] 20040416 Re: possible bug in filter.write()", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772%40pixar.com%3e"}, {"name": "ADV-2007-0846", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0846"}, {"name": "[httpd-python-dev] 20040416 possible bug in filter.write()", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772%40pixar.com%3e"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/bugs/89308"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1105"}, {"name": "24418", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24418"}, {"name": "22849", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22849"}, {"name": "modpython-outputfilter-info-disclosure(14751)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14751"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2004-2680", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24424", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24424"}, {"name": "USN-430-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-430-1"}, {"name": "[httpd-python-dev] 20040416 patch for filterobject.c", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772@pixar.com%3e"}, {"name": "20070307 rPSA-2007-0051-1 mod_python", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462185/100/0/threaded"}, {"name": "[httpd-python-dev] 20040416 Re: possible bug in filter.write()", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772@pixar.com%3e"}, {"name": "ADV-2007-0846", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0846"}, {"name": "[httpd-python-dev] 20040416 possible bug in filter.write()", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772@pixar.com%3e"}, {"name": "https://launchpad.net/bugs/89308", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/89308"}, {"name": "http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561"}, {"name": "https://issues.rpath.com/browse/RPL-1105", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1105"}, {"name": "24418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24418"}, {"name": "22849", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22849"}, {"name": "modpython-outputfilter-info-disclosure(14751)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14751"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:36:25.328Z"}, "title": "CVE Program Container", "references": [{"name": "24424", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24424"}, {"name": "USN-430-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-430-1"}, {"name": "[httpd-python-dev] 20040416 patch for filterobject.c", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772%40pixar.com%3e"}, {"name": "20070307 rPSA-2007-0051-1 mod_python", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/462185/100/0/threaded"}, {"name": "[httpd-python-dev] 20040416 Re: possible bug in filter.write()", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772%40pixar.com%3e"}, {"name": "ADV-2007-0846", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0846"}, {"name": "[httpd-python-dev] 20040416 possible bug in filter.write()", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772%40pixar.com%3e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/bugs/89308"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1105"}, {"name": "24418", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24418"}, {"name": "22849", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22849"}, {"name": "modpython-outputfilter-info-disclosure(14751)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14751"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2004-2680", "datePublished": "2007-03-04T23:00:00", "dateReserved": "2007-03-04T00:00:00", "dateUpdated": "2024-08-08T01:36:25.328Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:mod_python:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9CA3501-ED5C-4CF8-A40B-5784F3502729", "versionEndIncluding": "3.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory."}], "id": "CVE-2004-2680", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "security@ubuntu.com", "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772%40pixar.com%3e"}, {"source": "security@ubuntu.com", "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772%40pixar.com%3e"}, {"source": "security@ubuntu.com", "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772%40pixar.com%3e"}, {"source": "security@ubuntu.com", "url": "http://secunia.com/advisories/24418"}, {"source": "security@ubuntu.com", "url": "http://secunia.com/advisories/24424"}, {"source": "security@ubuntu.com", "url": "http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561"}, {"source": "security@ubuntu.com", "url": "http://www.securityfocus.com/archive/1/462185/100/0/threaded"}, {"source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/22849"}, {"source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/usn-430-1"}, {"source": "security@ubuntu.com", "url": "http://www.vupen.com/english/advisories/2007/0846"}, {"source": "security@ubuntu.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14751"}, {"source": "security@ubuntu.com", "url": "https://issues.rpath.com/browse/RPL-1105"}, {"source": "security@ubuntu.com", "tags": ["Patch"], "url": "https://launchpad.net/bugs/89308"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772%40pixar.com%3e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772%40pixar.com%3e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772%40pixar.com%3e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24424"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462185/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22849"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-430-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0846"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14751"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://launchpad.net/bugs/89308"}], "sourceIdentifier": "security@ubuntu.com", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2004-2680\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/", "lastModified": "2009-05-21T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}