Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-fn5k-e2jr-6ube
Vulnerability ID VCID-fn5k-e2jr-6ube
Aliases CVE-2008-2364
Summary A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. A remote attacker could cause a denial of service or high memory usage.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-770 Allocation of Resources Without Limits or Throttling
System Score Found at
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
epss 0.02213 https://api.first.org/data/v1/epss?cve=CVE-2008-2364
apache_httpd moderate https://httpd.apache.org/security/json/CVE-2008-2364.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-2364
Reference id Reference type URL
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://marc.info/?l=bugtraq&m=123376588623823&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://rhn.redhat.com/errata/RHSA-2008-0967.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2364.json
https://api.first.org/data/v1/epss?cve=CVE-2008-2364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
http://secunia.com/advisories/30621
http://secunia.com/advisories/31026
http://secunia.com/advisories/31404
http://secunia.com/advisories/31416
http://secunia.com/advisories/31651
http://secunia.com/advisories/31904
http://secunia.com/advisories/32222
http://secunia.com/advisories/32685
http://secunia.com/advisories/32838
http://secunia.com/advisories/33156
http://secunia.com/advisories/33797
http://secunia.com/advisories/34219
http://secunia.com/advisories/34259
http://secunia.com/advisories/34418
http://security.gentoo.org/glsa/glsa-200807-06.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/42987
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1
http://support.apple.com/kb/HT3216
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328
http://www-01.ibm.com/support/docview.wss?uid=swg27008517
http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579
http://www.mandriva.com/security/advisories?name=MDVSA-2008:195
http://www.mandriva.com/security/advisories?name=MDVSA-2008:237
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.redhat.com/support/errata/RHSA-2008-0966.html
http://www.securityfocus.com/archive/1/494858/100/0/threaded
http://www.securityfocus.com/archive/1/498567/100/0/threaded
http://www.securityfocus.com/bid/29653
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1020267
http://www.ubuntu.com/usn/USN-731-1
http://www.vupen.com/english/advisories/2008/1798
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0320
451615 https://bugzilla.redhat.com/show_bug.cgi?id=451615
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
CVE-2008-2364 https://httpd.apache.org/security/json/CVE-2008-2364.json
CVE-2008-2364 https://nvd.nist.gov/vuln/detail/CVE-2008-2364
GLSA-200807-06 https://security.gentoo.org/glsa/200807-06
RHSA-2008:0967 https://access.redhat.com/errata/RHSA-2008:0967
USN-731-1 https://usn.ubuntu.com/731-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-2364
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.84389
EPSS Score 0.02213
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:36:15.302053+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2008-2364.json 38.0.0