Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-x89d-7t1q-skcx
Vulnerability ID VCID-x89d-7t1q-skcx
Aliases CVE-2004-0492
Summary A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash, although this does not represent a significant Denial of Service attack as requests will continue to be handled by other Apache child processes. This issue may lead to remote arbitrary code execution on some BSD platforms.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.23714 https://api.first.org/data/v1/epss?cve=CVE-2004-0492
epss 0.23714 https://api.first.org/data/v1/epss?cve=CVE-2004-0492
epss 0.23714 https://api.first.org/data/v1/epss?cve=CVE-2004-0492
epss 0.23714 https://api.first.org/data/v1/epss?cve=CVE-2004-0492
epss 0.23714 https://api.first.org/data/v1/epss?cve=CVE-2004-0492
epss 0.23714 https://api.first.org/data/v1/epss?cve=CVE-2004-0492
epss 0.23714 https://api.first.org/data/v1/epss?cve=CVE-2004-0492
epss 0.23714 https://api.first.org/data/v1/epss?cve=CVE-2004-0492
apache_httpd moderate https://httpd.apache.org/security/json/CVE-2004-0492.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0492.json
https://api.first.org/data/v1/epss?cve=CVE-2004-0492
430527 https://bugzilla.redhat.com/show_bug.cgi?id=430527
CVE-2004-0492 https://httpd.apache.org/security/json/CVE-2004-0492.json
RHSA-2004:245 https://access.redhat.com/errata/RHSA-2004:245
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.95963
EPSS Score 0.23714
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:36:12.720419+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2004-0492.json 38.0.0