LiveActive security incident?Get immediate response
CVE Record

CVE-2004-2680: mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process m...

mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's Takemoderate

Analyst readout for executives and security teams

Plain-English summary

This is an old information-disclosure issue in Apache mod_python. When vulnerable output filters handle responses over 16 KB, the module may return data from previously freed memory. That could expose sensitive server or application data if an affected legacy deployment is still reachable.

Executive priority

Address during legacy web-server risk reduction, with higher priority for internet-facing systems. The issue can leak memory contents, but the provided evidence does not show active exploitation or broad modern exposure.

Technical view

mod_python/libapache2-mod-python 3.1.4 and earlier mishandles output-filter reads above 16384 bytes. The reported failure mode is filter.read returning portions of freed memory, creating a memory disclosure risk. The source bundle references an Apache filterobject.c patch and vendor advisories, but does not provide CVSS details.

Likely exposure

Exposure is most likely on legacy Apache deployments still using mod_python or libapache2-mod-python 3.1.4 or earlier, especially where Python output filters process larger responses. Modern stacks not using mod_python are not indicated as affected by the provided sources.

Exploitation context

The bundle does not show CISA KEV listing, active exploitation, public exploit use, or weaponized details. Treat this as a plausible remote information-disclosure risk only where the obsolete module is deployed and reachable.

Researcher notes

The key condition is output-filter processing over 16384 bytes in mod_python 3.1.4 and earlier. Sources identify freed-memory disclosure and reference an Apache source patch, but affected package fixed versions and exploitability details are incomplete in the supplied bundle.

Mitigation direction

  • Inventory Apache servers for mod_python or libapache2-mod-python version 3.1.4 or earlier.
  • Apply vendor-provided mod_python updates where available from the relevant distribution.
  • If no supported update exists, remove or disable mod_python usage.
  • Review Apache configuration for Python output filters handling large responses.
  • Prioritize externally reachable legacy web servers before internal-only systems.

Validation and detection

  • Confirm installed package versions against vendor advisory records.
  • Check Apache module loading and configuration for mod_python output filters.
  • Verify distribution changelogs include the referenced filterobject.c fix.
  • Test affected applications in staging after updating or disabling the module.
  • Document unsupported legacy servers that cannot be remediated immediately.
Prepared
Confidence
medium
Sources
8

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2004-2680 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
14Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.